Skip site navigation (1) Skip section navigation (2)

Fwd: psql+krb5

From: rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com>
To: pgsql-odbc(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org, pgsql-docs(at)postgresql(dot)org
Subject: Fwd: psql+krb5
Date: 2009-11-30 07:29:35
Message-ID: bbeb3140911292329m5a6f4dfbjb539138119accc9c@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-docspgsql-generalpgsql-hackerspgsql-odbc
---------- Forwarded message ----------
From: rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com>
Date: 2009/11/29
Subject: Re: psql+krb5
To: Denis Feklushkin <denis(dot)feklushkin(at)gmail(dot)com>


These items have added after my sending.

I repeat again my configurations:


*
1) The configuration of  krb5.conf is:
 [realms]
   EXAMPLE.COM <http://example.com/> ={

     kdc=star :88
     admin_server=star:749
     default_domain= example.com
}
.....*

2) Then, I created principal as* "  postgres/star(at)EXAMPLE(dot)COM "* and its
password is saved in* '/usr/local/pgsql/data/postgresql.keytab' .*


(star is localhost IP, but in hosts.conf I configure like: 213.233.169.93
star)

3) I setup *postgresql.conf *as below:

krb_server_keyfile = '/usr/local/pgsql/data/
postgresql.keytab'
krb_srvname = 'postgres/star(at)EXAMPLE(dot)COM'

krb_server_hostname = 'star'         # empty string matches any keytab entry
krb_caseins_users = off

4) I *create user "frank"*  in Psql .

5) Then I set up* hba.conf :*

host    all         all         0.0.0.0/0              krb5
host    all         all         127.0.0.1/32           krb5


When I want to connect to Postgresql, it gives error.

# *kinit frank*

[root(at)star bin]# *./psql -h star  -U frank  -d test*

psql: *krb5_sendauth: Bad application version was sent (via sendauth)*

I should mention that * both postgresql server and krb-server are in same
system* and* my IP is acquring from dhcp server  of university*.  Where is
wrong.

2009/11/29 Denis Feklushkin <denis(dot)feklushkin(at)gmail(dot)com>

> On Sun, 29 Nov 2009 14:23:52 +0330
> rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com> wrote:
>
> > Thanks for your replying. My detail of configuration is:
> >
> > I try to setup kerberos authentication in Postgresql 8.1.18 on centos.
> >
> > But I have some problem.
> >
> > 1) The configuration of  krb5.conf is:
> >  [realms]
> >   EXAMPLE.COM <http://example.com/><http://EXAMPLE.COM
> > <http://example.com/>> ={
> >
> >     kdc=star :88
> >     admin_server=star:749
> >     default_domain= example.com<http://example.com
> > >
> > > >
> > > }
> > > .....
> > >
> > > 2) Then, I created principal as "  postgres/star(at)EXAMPLE(dot)COM<mailto:
> > > star(at)EXAMPLE(dot)COM> " and its password is saved in
> > > '/usr/local/pgsql/data/postgresql.keytab' .
> > >
> > >
> > > (star is localhost IP, but in hosts.conf I configure like:
> > > 213.233.169.93 star)
> > >
> > > 3) I setup postgresql.conf as below:
> > >
> > > krb_server_keyfile = '/usr/local/pgsql/data/
> > > postgresql.keytab'
> > > krb_srvname = 'postgres/star(at)EXAMPLE(dot)COM<mailto:star(at)EXAMPLE(dot)COM>'
> > >
> > > krb_server_hostname = 'star'         # empty string matches any
> > > keytab entry
> > > krb_caseins_users = off
> > >
> > > 4) I create user "frank"  in Psql .
> > >
> > > 5) Then I set up hba.conf :
> > >
> > > host    all         all         0.0.0.0/0<http://0.0.0.0/0>
> > >  krb5
> > > host    all         all         127.0.0.1/32<http://127.0.0.1/32>
> > >   krb5
> > >
> > >
> > > When I want to connect to Postgresql, it gives error.
> > >
> > > # kinit frank
> > >
> > > [root(at)star bin]# ./psql -h star  -U frank  -d test
> > >
> > > psql: krb5_sendauth: Bad application version was sent (via sendauth)
> > >
> >
> > some changes in users gives below error :
> > "[root(at)www bin]# ./psql -h 213.233.168.249  -U postgres
> >   psql: Kerberos 5 authentication rejected:  Wrong principal in
> > request"
> >
> >
> > > I should mention that  both postgresql server and krb-server are in
> > > same system and my IP is acquring from dhcp server  of university.
> > > Where is wrong.
> > >
> >
> >
> >
> > 2009/11/29 Denis Feklushkin <denis(dot)feklushkin(at)gmail(dot)com>
> >
> > > On Sun, 29 Nov 2009 10:48:30 +0330
> > > rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com> wrote:
> > >
> > > > Hi,
> > > >
> > > > When I want to connect to psql via krb5 in Linux, it gives me
> > > > error like: "[root(at)www bin]# ./psql -h 213.233.168.249  -U
> > > > postgres psql: Kerberos 5 authentication rejected:  Wrong
> > > > principal in request"
> > >
> > > Что в логах KDC?
>     ^^^^^^^^^^^^^^^^ !!!
>
> И ещё, в тексте который Вы дали встречаются пробелы в именах
> принципалов и странные записи "<mailto:star(at)EXAMPLE(dot)COM>"
>
> При настройке важно чтобы ничего этого небыло
>



-- 
With Best Regards
Miss.KHodadadi



-- 
With Best Regards
Miss.KHodadadi

Responses

pgsql-docs by date

Next:From: Robert HaasDate: 2009-12-01 15:22:03
Subject: Re: [HACKERS] Fwd: psql+krb5
Previous:From: Bruce MomjianDate: 2009-11-27 17:41:37
Subject: Re: vacuumdb clarification

pgsql-hackers by date

Next:From: Marko KreenDate: 2009-11-30 07:44:31
Subject: Re: Patch: Remove gcc dependency in definition of inline functions
Previous:From: Itagaki TakahiroDate: 2009-11-30 07:26:01
Subject: Re: ProcessUtility_hook

pgsql-odbc by date

Next:From: noreplyDate: 2009-11-30 14:54:40
Subject: [ psqlodbc-Bugs-1010735 ] Error on method Fields using client side recordset
Previous:From: Hiroshi InoueDate: 2009-11-26 15:38:16
Subject: Re: md5 authentication issues with psqlODBC driver for Windows

pgsql-general by date

Next:From: Hitoshi HaradaDate: 2009-11-30 07:34:28
Subject: Re: Postgres 8.4
Previous:From: A. KretschmerDate: 2009-11-30 06:56:15
Subject: Re: Access a Field / Column of a resultset by Number

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group