| From: | rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: configuration kerberos in Postgre sql |
| Date: | 2009-10-16 18:50:00 |
| Message-ID: | bbeb3140910161150t4514ea2dsecd2529abc19e12@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
have never been worked with krb5 in postgresql?
On 10/12/09, rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com> wrote:
> nobody could help me?
>
> On Sun, Oct 11, 2009 at 5:06 PM, rahimeh khodadadi <
> rahimeh(dot)khodadadi(at)gmail(dot)com> wrote:
>
>> Hi,
>>
>> after compling the postgresql --with-krb5 and setting up the krb5-server
>> in centos, I configured the *postgresql.conf* as bellow:
>>
>> *krb_server_keyfile = '/var/kerberos/krb5kdc/kadm5.keytab'*
>> *krb_srvname = 'POSTGRES' * # (Kerberos only)
>> #krb_caseins_users = off
>>
>> and
>>
>> my *pg_hba.conf* is :
>>
>> # "local" is for Unix domain socket connections only
>> local all postgres trust
>> # IPv4 local connections:
>> host all *frank* 0.0.0.0/0 krb5
>> #host all all 127.0.0.1/32 trust
>> # IPv6 local connections:
>> host all all ::1/128 trust
>>
>>
>> ,and kdc.conf
>>
>> kdcdefaults]
>> v4_mode = nopreauth
>> kdc_tcp_ports = 88
>>
>> [realms]
>> EXAMPLE.COM = {
>> #master_key_type = des3-hmac-sha1
>> * acl_file = /var/kerberos/krb5kdc/kadm5.acl*
>> dict_file = /usr/share/dict/words
>> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
>> supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal
>> des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4
>> des-cbc-crc:afs3
>> }
>>
>> Then, I created the user frank as :
>>
>> kadmin.local
>> Authenticating as principal rahimeh/admin(at)EXAMPLE(dot)COM with password.
>> kadmin.local: * ank frank*
>> WARNING: no policy specified for frank(at)EXAMPLE(dot)COM; defaulting to no
>> policy
>> Enter password for principal "frank(at)EXAMPLE(dot)COM":
>> Re-enter password for principal "frank(at)EXAMPLE(dot)COM":
>>
>> *kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab frank*
>> Entry for principal frank with kvno 2, encryption type Triple DES cbc
>> mode
>> with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>> Entry for principal frank with kvno 2, encryption type ArcFour with
>> HMAC/md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>> Entry for principal frank with kvno 2, encryption type DES with HMAC/sha1
>> added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>> Entry for principal frank with kvno 2, encryption type DES cbc mode with
>> RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>>
>> Finally, it gives error like:
>>
>> [root(at)localhost ~]# *kinit frank* -t /var/kerberos/krb5kdc/kadm5.keytab
>> Password for frank(at)EXAMPLE(dot)COM:
>> *kinit(v5): Password incorrect while getting initial credentials*
>>
>> or
>>
>> in cmd when I run this instruction the below error is shown.
>>
>> [root(at)localhost bin]# ./psql -h 127.0.0.1 -U frank
>> *psql: krb5_sendauth: Bad application version was sent (via sendauth)*
>>
>>
>> Please help me.
>>
>>
>>
>> --
>> With Best Regards
>> Miss.KHodadadi
>>
>
>
>
> --
> With Best Regards
> Miss.KHodadadi
>
--
With Best Regards
Miss.KHodadadi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Geoff Tolley | 2009-10-16 21:12:47 | Re: configuration kerberos in Postgre sql |
| Previous Message | Neha Patel | 2009-10-16 10:08:05 | Urgent Help required |