Re: PostgreSQL with Kerberos and Active Directory

Not really - it's always worked that way for me :-(

Have you managed to make any other kerberised applications work on this
machine? There are sample programs in the kerberos package - try those to
see if the problem is in postgresql or int he kerberos libs/setup.

//Magnus

On Sun, Sep 02, 2007 at 12:05:54PM +0300, Idan Miller wrote:
> Hi Magnus,
>
> I tried changing the SPN to uppercase POSTGRES, but still the same error
> occurs.
> Any other ideas? (this didn't work both locally and remotely).
>
> Idan.
>
>
> On 8/31/07, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> >
> > Ok. I'd try locally from the machine first, so you know the krb
> > configurations are absolutely identical all the way. Just change your
> > pg_hba so it uses krb5 (and don't forget to use -h - krb5 only works over
> > TCP/IP sockets)
> >
> > THat said, I think your problem is in that you use "postgres" as your SPN.
> > It has to be uppercase POSTGRES to work with Active Directory.
> >
> > //Magnus
> >
> >
> > On Thu, Aug 30, 2007 at 03:34:18PM +0300, Idan Miller wrote:
> > > We tried to connect from a different gentoo machine.
> > > both client and server are running version 8.2.4 of postgresql.
> > > right now, we are trying to connect from gentoo, but we want to connect
> > from
> > > windows as well
> > >
> > > Idan
> > >
> > >
> > > On 8/30/07, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> > > >
> > > > On Thu, Aug 30, 2007 at 02:07:13PM +0300, Idan Miller wrote:
> > > > > Hi everyone,
> > > > >
> > > > > I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and
> > > > Active
> > > > > Directory.
> > > > > The AD is run on a windows 2003 server, and the postgre on gentoo.
> > > > > The gentoo computer name is postgre and it's added to the windows
> > 2003
> > > > > server AD domain.
> > > > >
> > > > > I did the following:
> > > > > - I compiled postgre with kerberos support and installed it on the
> > > > gentoo
> > > > > machine.
> > > > > - I created a keytab for the user postgres/postgre on the windows
> > 2003
> > > > > server machine and copied it to the gentoo machine.
> > > > > - I configured the postgresql.conf to point to the keytab.
> > > > > - I configured pg_hba.conf to authenticate remote users by kerberos.
> > > > > - I followed additional configurations from the howto in the mailing
> > > > list
> > > > > archives.
> > > > >
> > > > > Now, when trying to log in with an AD user to postgre I get:
> > > > > psq: krb5_sendauth: Bad application version was sent (via sendauth)
> > > > >
> > > > > Any help will be appreciated.
> > > >
> > > > Are you sure you have postgresql 8.2 on both ends of the connection?
> > Are
> > > > yuor clients on windos or unix?
> > > >
> > > > //Magnus
> > > >
> >