Re: Unable to get PostgreSQL 15 with Kerberos (GSS) working - Mailing list pgsql-general

From Stephen Frost
Subject Re: Unable to get PostgreSQL 15 with Kerberos (GSS) working
Date
Msg-id ZeCNzJ6P9sjyC+zI@tamriel.snowman.net
Whole thread Raw
In response to RE: Unable to get PostgreSQL 15 with Kerberos (GSS) working  (Matthew Dennison <mail@matty-uk.co.uk>)
List pgsql-general
Greetings,

* Matthew Dennison (mail@matty-uk.co.uk) wrote:
> If I run kinit and get Kerberos ticket ahead of running the command I then receive:

Right, have to kinit first.

> psql: error: connection to server at " hostname.mydomain.net " (::1), port 5432 failed: could not initiate GSSAPI
securitycontext: Unspecified GSS failure.  Minor code may provide more information: Server not found in Kerberos
database

Note the minor code info- Server not found in Kerberos database.  Also
note that it apparently connected to '::1' which would be localhost- by
default, the Kerberos library will do a reverse DNS lookup on the IP
that it connected to, to get the canonical name of the host.  That can
be disabled if necessary but really, when you use
'hostname.mydomain.net' that should be returning the host's real IP
address and not ::1.  I'd suggest looking into fixing that (maybe it's
in /etc/hosts that way?) and then this should work.

There are options to disable reverse DNS for Kerberos too and then it'll
use whatever you pass to '-h' to look the host up in the Kerberos
database, but that's really not ideal.

Thanks,

Stephen

Attachment

pgsql-general by date:

Previous
From: Anthony Codjoe - IQ-C
Date:
Subject: Voluntary Product Assessment For pgAdmin 8.3
Next
From: Rob Sargent
Date:
Subject: Re: Unable to get PostgreSQL 15 with Kerberos (GSS) working