Re: GSSAPI Authentication Problem

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: John Slattery <johntslattery(at)gmail(dot)com>
Cc: pgsql-odbc(at)postgresql(dot)org
Subject: Re: GSSAPI Authentication Problem
Date: 2012-08-03 21:41:24
Message-ID: 20120803214124.GJ1267@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-odbc

John,

* John Slattery (johntslattery(at)gmail(dot)com) wrote:
> Following is the information you suggested reporting. The test is with
> 'User Name' = 'john'. I used a system DSN generated with the ODBC data
> source administrator. Before I set 'User Name' = 'john', I
> successfully tested the DSN with user csmprovver whose AD and PG names
> are identical with 'User Name' = ''.

After you have tried to connect, you might try running 'klist' on the
Windows system and reviewing the tickets to see if you acquired a ticket
for the postgres service.

In general, this does look very similar to our setup (which works just
fine). I will say that we always use "include_realm=1" and then have
the mapping include the realm, eg:

pg_hba.conf:

host all all 0.0.0.0/0 gss include_realm=1 map=krbmap

pg_ident.conf:

krbmap /^[mM]12345(at)REALM\(dot)ORG$ sfrost

In the end, however, it sounds like that's some kind of GSSAPI issue
that's causing trouble (hence the gssapi auth complaint in the server
log). Is there any additional information around that error about what
the GSSAPI error is? Have you tried increasing the verbosity of the
server messages to see if more information is provided?

Thanks,

Stephen

In response to

Responses

Browse pgsql-odbc by date

  From Date Subject
Next Message Stephen Frost 2012-08-03 21:45:10 Re: GSSAPI Authentication Problem
Previous Message John Slattery 2012-08-03 19:55:58 Re: GSSAPI Authentication Problem