Re: GSS Authentication - Mailing list pgsql-general

I'm trying to get my PostgreSQL server on Linux configured so that I can connect from a Windows client using GSS Authentication against Active Directory.  I found some helpful references on how to do this, but I'm still coming up short.  To summarize what I've done so far by way of configuration:

1) On the Linux server, setup my krb5.conf file such that I can get a ticket from AD using kinit and confirm using klist.
2) Setup a new account in AD and used ktpass to create a keytab file for the SPN.
3) Copied the keytab file onto my postgres server and updated my postgresql.conf file appropriately (set the krb_server_keyfile to point to the file I just created.)

Then I wrote a little test Perl program to connect to my postgres database. 

use DBI;
use strict;

my $dbh = DBI->connect('DBI:Pg:dbname=postgres;host=host.domain.com;krbsrvname=POSTGRES') or die DBI->errstr;

When I try to run the Perl program I get this error:

DBI connect('dbname=postgres;host=host.domain.com;krbsrvname=POSTGRES')
failed: FATAL:  accepting GSS security context failed
DETAIL:  Miscellaneous failure: Unknown code ggss 3 at g.pl line 4
FATAL:  accepting GSS security context failed
DETAIL:  Miscellaneous failure: Unknown code ggss 3 at g.pl line 4

I then ramped up the debug logging on the postgres side and get this off the server:

2010-06-11 17:23:49 EDTDEBUG:  00000: Processing received GSS token of length 2119
2010-06-11 17:23:49 EDTLOCATION:  pg_GSS_recvauth, auth.c:965
2010-06-11 17:23:49 EDTDEBUG:  00000: gss_accept_sec_context major: 851968, minor: -2045022973, outlen: 0, outflags: 7f
2010-06-11 17:23:49 EDTLOCATION:  pg_GSS_recvauth, auth.c:984
2010-06-11 17:23:49 EDTFATAL:  XX000: accepting GSS security context failed
2010-06-11 17:23:49 EDTDETAIL:  Miscellaneous failure: Unknown code ggss 3
2010-06-11 17:23:49 EDTLOCATION:  pg_GSS_error, auth.c:866

I'm using PostgreSQL 8.4.4 on Enterprise Linux 4.

Can anyone offer any suggestions?

Thanks in advance.
Greig