Re: GSS Authentication

From: Bryan Montgomery <monty(at)english(dot)net>
To: greigwise(at)comcast(dot)net, pgsql-general(at)postgresql(dot)org
Subject: Re: GSS Authentication
Date: 2010-06-11 23:05:00
Message-ID: AANLkTik9rTFtP90IFpZk3wn55Y3sfAfCSYA6H3j1Sm5x@mail.gmail.com
Lists: pgsql-general

I've been trying this as well off and on. In my case I'm not convinced the
AD configuration is correct (and someone else manages that).

Can you use kinit with the keytab options to get a good response from the
server? I think I should be able to do this ..
$ kinit -V -k -t poe3b.keytab HTTP/poe3b.lab2k.net
kinit(v5): Preauthentication failed while getting initial credentials

I'd be interested to know if you get something different - and the steps you
went through on the AD side.

Bryan.

On Fri, Jun 11, 2010 at 5:51 PM, <greigwise(at)comcast(dot)net> wrote:

> I'm trying to get my PostgreSQL server on Linux configured so that I can
> connect from a Windows client using GSS Authentication against Active
> Directory. I found some helpful references on how to do this, but I'm still
> coming up short. To summarize what I've done so far by way of
> configuration:
>
> 1) On the Linux server, set up my krb5.conf file such that I can get a
> ticket from AD using kinit and confirm using klist.
> 2) Set up a new account in AD and used ktpass to create a keytab file for
> the SPN.
> 3) Copied the keytab file onto my postgres server and updated my
> postgresql.conf file appropriately (set the krb_server_keyfile to point to
> the file I just created.)
>
> Then I wrote a little test Perl program to connect to my postgres
> database.
>
> use DBI;
> use strict;
>
> my $dbh = DBI->connect('DBI:Pg:dbname=postgres;host=host.domain.com;krbsrvname=POSTGRES')
> or die DBI->errstr;
>
> When I try to run the Perl program I get this error:
>
> DBI connect('dbname=postgres;host=host.domain.com;krbsrvname=POSTGRES')
> failed: FATAL: accepting GSS security context failed
> DETAIL: Miscellaneous failure: Unknown code ggss 3 at g.pl line 4
> FATAL: accepting GSS security context failed
> DETAIL: Miscellaneous failure: Unknown code ggss 3 at g.pl line 4
>
> I then ramped up the debug logging on the postgres side and get this off
> the server:
>
> 2010-06-11 17:23:49 EDTDEBUG: 00000: Processing received GSS token of
> length 2119
> 2010-06-11 17:23:49 EDTLOCATION: pg_GSS_recvauth, auth.c:965
> 2010-06-11 17:23:49 EDTDEBUG: 00000: gss_accept_sec_context major: 851968,
> minor: -2045022973, outlen: 0, outflags: 7f
> 2010-06-11 17:23:49 EDTLOCATION: pg_GSS_recvauth, auth.c:984
> 2010-06-11 17:23:49 EDTFATAL: XX000: accepting GSS security context failed
> 2010-06-11 17:23:49 EDTDETAIL: Miscellaneous failure: Unknown code ggss 3
> 2010-06-11 17:23:49 EDTLOCATION: pg_GSS_error, auth.c:866
>
> I'm using PostgreSQL 8.4.4 on Enterprise Linux 4.
>
> Can anyone offer any suggestions?
>
> Thanks in advance.
> Greig
>
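
Added example (not part of the original thread): decoding the status values in the server debug log quoted above. It splits the GSS-API major status per RFC 2744 and unpacks the minor status as a com_err code, assuming the server's GSS library uses com_err-style minor codes, as the "ggss 3" text suggests. The function names are this example's own, and the sample is the log entry from the thread rejoined onto one line.

```python
import re

# RFC 2744 major status layout: bits 24-31 calling error,
# bits 16-23 routine error, bits 0-15 supplementary flags.
CALLING = [None, "GSS_S_CALL_INACCESSIBLE_READ",
           "GSS_S_CALL_INACCESSIBLE_WRITE", "GSS_S_CALL_BAD_STRUCTURE"]
ROUTINE = [None, "GSS_S_BAD_MECH", "GSS_S_BAD_NAME", "GSS_S_BAD_NAMETYPE",
           "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS", "GSS_S_BAD_SIG",
           "GSS_S_NO_CRED", "GSS_S_NO_CONTEXT", "GSS_S_DEFECTIVE_TOKEN",
           "GSS_S_DEFECTIVE_CREDENTIAL", "GSS_S_CREDENTIALS_EXPIRED",
           "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE", "GSS_S_BAD_QOP",
           "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE",
           "GSS_S_DUPLICATE_ELEMENT", "GSS_S_NAME_NOT_MN"]
SUPPLEMENTARY = ["GSS_S_CONTINUE_NEEDED", "GSS_S_DUPLICATE_TOKEN",
                 "GSS_S_OLD_TOKEN", "GSS_S_UNSEQ_TOKEN", "GSS_S_GAP_TOKEN"]
# com_err alphabet: a table name is packed 6 bits per character.
COM_ERR_CHARS = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                 "abcdefghijklmnopqrstuvwxyz0123456789_")

def _lookup(table, idx):
    return table[idx] if idx < len(table) else f"unknown({idx})"

def decode_major(major):
    major &= 0xFFFFFFFF
    return {"calling": _lookup(CALLING, major >> 24),
            "routine": _lookup(ROUTINE, (major >> 16) & 0xFF),
            "supplementary": [name for bit, name in enumerate(SUPPLEMENTARY)
                              if major & (1 << bit)]}

def decode_minor(minor):
    code = minor & 0xFFFFFFFF  # the log prints it as a signed 32-bit int
    packed, name = code >> 8, ""
    for shift in (18, 12, 6, 0):  # up to four packed characters
        ch = (packed >> shift) & 0x3F
        if ch:
            name += COM_ERR_CHARS[ch - 1]
    return {"hex": f"0x{code:08x}", "table": name, "offset": code & 0xFF}

def decode_log_line(line):
    m = re.search(r"major: (-?\d+),\s*minor: (-?\d+)", line)
    if not m:
        return None  # not a gss_accept_sec_context status line
    return decode_major(int(m.group(1))), decode_minor(int(m.group(2)))

# Log entry from the thread, rejoined onto one line.
SAMPLE = ("2010-06-11 17:23:49 EDTDEBUG: 00000: gss_accept_sec_context "
          "major: 851968, minor: -2045022973, outlen: 0, outflags: 7f")

if __name__ == "__main__":
    print(decode_log_line(SAMPLE))
```

For the logged values this gives routine error GSS_S_FAILURE and com_err table "ggss" with offset 3, which lines up with the "Miscellaneous failure: Unknown code ggss 3" text in the DETAIL line.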
