Re: Fwd: psql+krb5

From: rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>, PG-General Mailing List <pgsql-general(at)postgresql(dot)org>
Subject: Re: Fwd: psql+krb5
Date: 2009-12-02 06:40:43
Message-ID: bbeb3140912012240x68b483bbjfe9370f4a1eb10ab@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-docs pgsql-general pgsql-hackers pgsql-odbc

I thanks from Stephen and Craig for their replying.
I am sorry for doing cross posting, But I did not know about it before. I
had to do for solving the problem, because no one did me answer .

On Wed, Dec 2, 2009 at 5:15 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:

> * Craig Ringer (craig(at)postnewspapers(dot)com(dot)au) wrote:
> > I've dropped all your cross-posts; this is just going to PgSQL-general.
>
> Thanks for that.
>
> > On 30/11/2009 3:29 PM, rahimeh khodadadi wrote:
> >
> >> psql: *krb5_sendauth: Bad application version was sent (via sendauth)*
> >
> > Also: a search for your error message finds this post, which, while
> > related to a Windows kerberos server, seems to apply:
>
> It's the same kind of issue (wrong service name), but I think the real
> problem is this:
>
> krb_srvname = 'postgres/star(at)EXAMPLE(dot)COM'
>
> The documentation, I think, is pretty clear:
>
> http://www.postgresql.org/docs/8.4/interactive/auth-methods.html#KERBEROS-AUTH
>
> PostgreSQL operates like a normal Kerberos service. The name of the
> service principal is servicename/hostname(at)realm(dot)
>
> servicename can be set on the server side using the krb_srvname
> configuration parameter
>
> The above should just be:
>
> krb_srvname = 'postgres'
>
> Or, better, just removed. Unless you're running under a Microsoft
> Active Directory Kerberos environment, the default should 'just work'.
>
> Additionally, this is also almost certainly wrong:
>
> krb_server_hostname = 'star'
>
> Again, referring to the same documentation:
>
> hostname is the fully qualified host name of the server machine.
>
> You really should have a proper FQDN set for this system. I would also
> recommend using a real domain rather than 'EXAMPLE.COM'. Also, I didn't
> see the version of PostgreSQL, but if you're using something recent your
> auth method should really be 'gss' instead of 'krb5'.
>
> > I don't know much about Kerberos, not I suspect do all that many people
> > on the list, so I can't be of any more help.
>
> Unfortunately, I don't pay as close attention to the lists as I wish I
> could. Kerberos with PG is actually a solution I typically recommend.
>
> Thanks,
>
> Stephen
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAksVxtQACgkQrzgMPqB3kihTAwCfYonsLsS1EirM+LQ89NbU+lXz
> loQAn0dK1N6xco7Wdtq4m5SVPjMWaC9G
> =zeD5
> -----END PGP SIGNATURE-----
>
>

--
With Best Regards
Miss.KHodadadi

In response to

Browse pgsql-docs by date

  From Date Subject
Next Message Josh Kupershmidt 2009-12-19 03:43:01 "--version" flag missing from man pages
Previous Message Stephen Frost 2009-12-02 01:45:56 Re: Fwd: psql+krb5

Browse pgsql-general by date

  From Date Subject
Next Message silly8888 2009-12-02 06:44:57 Re: Synchronize filenames in table with filesystem
Previous Message Sachin Srivastava 2009-12-02 04:37:35 Re: how to install just client libraries on windows?

Browse pgsql-hackers by date

  From Date Subject
Next Message Greg Smith 2009-12-02 06:55:56 Re: pgbench: new feature allowing to launch shell commands
Previous Message Tom Lane 2009-12-02 05:24:04 Re: [PATCH] bugfix for int2vectorin

Browse pgsql-odbc by date

  From Date Subject
Next Message Daniela Mamede d'Almeida 2009-12-02 14:35:18 Re: Hi!
Previous Message Stephen Frost 2009-12-02 01:45:56 Re: Fwd: psql+krb5