John,
* John Slattery (johntslattery@gmail.com) wrote:
> Following is the information you suggested reporting. The test is with
> 'User Name' = 'john'. I used a system DSN generated with the ODBC data
> source administrator. Before I set 'User Name' = 'john', I
> successfully tested the DSN with user csmprovver whose AD and PG names
> are identical with 'User Name' = ''.
After you have tried to connect, you might try running 'klist' on the
Windows system and reviewing the tickets to see if you acquired a ticket
for the postgres service.
In general, this does look very similar to our setup (which works just
fine). I will say that we always use "include_realm=1" and then have
the mapping include the realm, eg:
pg_hba.conf:
host all all 0.0.0.0/0 gss include_realm=1 map=krbmap
pg_ident.conf:
krbmap /^[mM]12345@REALM\.ORG$ sfrost
In the end, however, it sounds like that's some kind of GSSAPI issue
that's causing trouble (hence the gssapi auth complaint in the server
log). Is there any additional information around that error about what
the GSSAPI error is? Have you tried increasing the verbosity of the
server messages to see if more information is provided?
Thanks,
Stephen
