configuration kerberos in Postgre sql

From: rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: configuration kerberos in Postgre sql
Date: 2009-10-11 13:36:02
Message-ID: bbeb3140910110636i7ebf1183i80e57511396f8fc2@mail.gmail.com
Lists: pgsql-admin

Hi,

After compiling PostgreSQL --with-krb5 and setting up the krb5-server on
CentOS, I configured postgresql.conf as below:

krb_server_keyfile = '/var/kerberos/krb5kdc/kadm5.keytab'
krb_srvname = 'POSTGRES' # (Kerberos only)
#krb_caseins_users = off

and

my pg_hba.conf is:

# "local" is for Unix domain socket connections only
local all postgres trust
# IPv4 local connections:
host all frank 0.0.0.0/0 krb5
#host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust

and kdc.conf:

[kdcdefaults]
v4_mode = nopreauth
kdc_tcp_ports = 88

[realms]
EXAMPLE.COM = {
#master_key_type = des3-hmac-sha1
 acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}

Then I created the user frank as:

kadmin.local
Authenticating as principal rahimeh/admin@EXAMPLE.COM with password.
kadmin.local: ank frank
WARNING: no policy specified for frank@EXAMPLE.COM; defaulting to no policy
Enter password for principal "frank@EXAMPLE.COM":
Re-enter password for principal "frank@EXAMPLE.COM":

kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab frank
Entry for principal frank with kvno 2, encryption type Triple DES cbc mode
with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type ArcFour with HMAC/md5
added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type DES with HMAC/sha1
added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type DES cbc mode with
RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.

Finally, it gives an error like:

[root@localhost ~]# kinit frank -t /var/kerberos/krb5kdc/kadm5.keytab
Password for frank@EXAMPLE.COM:
kinit(v5): Password incorrect while getting initial credentials

or

In cmd, when I run this instruction, the error below is shown.

[root@localhost bin]# ./psql -h 127.0.0.1 -U frank
psql: krb5_sendauth: Bad application version was sent (via sendauth)

Please help me.

--
With Best Regards
Miss.KHodadadi
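
An added example, not part of the original message or of PostgreSQL: a small Python lint that checks the settings quoted above for the conditions krb5 authentication depends on (a service principal in the server keytab, no user principals exported into it, no trust rules over TCP). The sample inputs are constructed from the values in the message, the function and finding names are hypothetical, and flagging a keyfile named kadm5.keytab is this example's own heuristic.

```python
import re

# Constructed sample inputs mirroring the settings quoted in the message above.
POSTGRESQL_CONF = """
krb_server_keyfile = '/var/kerberos/krb5kdc/kadm5.keytab'
krb_srvname = 'POSTGRES'
#krb_caseins_users = off
"""
PG_HBA = """
local all postgres trust
host all frank 0.0.0.0/0 krb5
host all all ::1/128 trust
"""
# Principals as `klist -k <keytab>` would list them (constructed).
KEYTAB_PRINCIPALS = ["frank@EXAMPLE.COM"]

def setting(conf, name):
    """Return the uncommented value of `name` in postgresql.conf text, or None."""
    m = re.search(rf"^\s*{name}\s*=\s*'?([^'#\n]*)'?", conf, re.M)
    return m.group(1).strip() if m else None

def audit(conf, hba, principals):
    """Return a list of finding labels (hypothetical names) for the given setup."""
    findings = []
    keyfile = setting(conf, "krb_server_keyfile") or ""
    srvname = setting(conf, "krb_srvname") or "postgres"  # PostgreSQL default
    if keyfile.endswith("kadm5.keytab"):  # heuristic: KDC admin keytab reused
        findings.append("keyfile-is-kadmin-keytab")
    # The server needs a key for <krb_srvname>/<host>@REALM in its keytab.
    if not any(p.startswith(srvname + "/") for p in principals):
        findings.append("no-service-principal")
    # ktadd randomizes a principal's key by default, so exporting a user
    # principal into a keytab invalidates that user's password.
    if any("/" not in p.split("@")[0] for p in principals):
        findings.append("user-principal-in-keytab")
    for line in hba.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 5 and f[0].startswith("host"):
            if f[-1] == "trust":
                findings.append(f"trust-over-tcp:{f[3]}")
            elif f[3] in ("0.0.0.0/0", "::/0"):
                findings.append(f"open-to-any-address:{f[-1]}")
    return findings

if __name__ == "__main__":
    for item in audit(POSTGRESQL_CONF, PG_HBA, KEYTAB_PRINCIPALS):
        print(item)
```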
