Postgres Pro
Downloads
Home   >   mailing lists

configuration kerberos in Postgre sql - Mailing list pgsql-admin

From rahimeh khodadadi
Subject configuration kerberos in Postgre sql
Date
Msg-id bbeb3140910110636i7ebf1183i80e57511396f8fc2@mail.gmail.com
Whole thread Raw
Responses Re: configuration kerberos in Postgre sql
List pgsql-admin
Tree view
Hi,

after compling the postgresql --with-krb5  and setting up the krb5-server in centos, I configured the postgresql.conf as bellow:

krb_server_keyfile = '/var/kerberos/krb5kdc/kadm5.keytab'
krb_srvname = 'POSTGRES'        # (Kerberos only)
#krb_caseins_users = off
 
and

my pg_hba.conf is :

# "local" is for Unix domain socket connections only
local   all         postgres                         trust
# IPv4 local connections:
host   all         frank       0.0.0.0/0            krb5
#host    all         all         127.0.0.1/32      trust
# IPv6 local connections:
host    all         all         ::1/128               trust


,and kdc.conf

kdcdefaults]
 v4_mode = nopreauth
 kdc_tcp_ports = 88

[realms]
 EXAMPLE.COM = {
  #master_key_type = des3-hmac-sha1
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
 }
 
Then, I created the user frank  as :

 kadmin.local
Authenticating as principal rahimeh/admin@EXAMPLE.COM with password.
kadmin.local:  ank frank
WARNING: no policy specified for frank@EXAMPLE.COM; defaulting to no policy
Enter password for principal "frank@EXAMPLE.COM":
Re-enter password for principal "frank@EXAMPLE.COM":

kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab frank
Entry for principal frank with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type DES with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.

Finally, it gives error like:

[root@localhost ~]# kinit frank -t /var/kerberos/krb5kdc/kadm5.keytab
Password for frank@EXAMPLE.COM:
kinit(v5): Password incorrect while getting initial credentials

or

in cmd when I run this instruction the below error is shown.

[root@localhost bin]# ./psql -h 127.0.0.1  -U frank
psql: krb5_sendauth: Bad application version was sent (via sendauth)


Please help me.



--
With Best Regards
Miss.KHodadadi

pgsql-admin by date:

Previous
From: Dzmitry Lazerka
Date:
Subject: Application SID does not match Conductor SID
Next
From: rahimeh khodadadi
Date:
Subject: Re: configuration kerberos in Postgre sql