Re: configuration kerberos in Postgre sql - Mailing list pgsql-admin
| From | rahimeh khodadadi |
|---|---|
| Subject | Re: configuration kerberos in Postgre sql |
| Date | |
| Msg-id | bbeb3140910161150t4514ea2dsecd2529abc19e12@mail.gmail.com Whole thread Raw |
| In response to | Re: configuration kerberos in Postgre sql (rahimeh khodadadi <rahimeh.khodadadi@gmail.com>) |
| Responses |
Re: configuration kerberos in Postgre sql
(Geoff Tolley <geoff.tolley@yougov.com>)
|
| List | pgsql-admin |
have never been worked with krb5 in postgresql?
On 10/12/09, rahimeh khodadadi <rahimeh.khodadadi@gmail.com> wrote:
> nobody could help me?
>
> On Sun, Oct 11, 2009 at 5:06 PM, rahimeh khodadadi <
> rahimeh.khodadadi@gmail.com> wrote:
>
>> Hi,
>>
>> after compling the postgresql --with-krb5 and setting up the krb5-server
>> in centos, I configured the *postgresql.conf* as bellow:
>>
>> *krb_server_keyfile = '/var/kerberos/krb5kdc/kadm5.keytab'*
>> *krb_srvname = 'POSTGRES' * # (Kerberos only)
>> #krb_caseins_users = off
>>
>> and
>>
>> my *pg_hba.conf* is :
>>
>> # "local" is for Unix domain socket connections only
>> local all postgres trust
>> # IPv4 local connections:
>> host all *frank* 0.0.0.0/0 krb5
>> #host all all 127.0.0.1/32 trust
>> # IPv6 local connections:
>> host all all ::1/128 trust
>>
>>
>> ,and kdc.conf
>>
>> kdcdefaults]
>> v4_mode = nopreauth
>> kdc_tcp_ports = 88
>>
>> [realms]
>> EXAMPLE.COM = {
>> #master_key_type = des3-hmac-sha1
>> * acl_file = /var/kerberos/krb5kdc/kadm5.acl*
>> dict_file = /usr/share/dict/words
>> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
>> supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal
>> des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4
>> des-cbc-crc:afs3
>> }
>>
>> Then, I created the user frank as :
>>
>> kadmin.local
>> Authenticating as principal rahimeh/admin@EXAMPLE.COM with password.
>> kadmin.local: * ank frank*
>> WARNING: no policy specified for frank@EXAMPLE.COM; defaulting to no
>> policy
>> Enter password for principal "frank@EXAMPLE.COM":
>> Re-enter password for principal "frank@EXAMPLE.COM":
>>
>> *kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab frank*
>> Entry for principal frank with kvno 2, encryption type Triple DES cbc
>> mode
>> with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>> Entry for principal frank with kvno 2, encryption type ArcFour with
>> HMAC/md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>> Entry for principal frank with kvno 2, encryption type DES with HMAC/sha1
>> added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>> Entry for principal frank with kvno 2, encryption type DES cbc mode with
>> RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>>
>> Finally, it gives error like:
>>
>> [root@localhost ~]# *kinit frank* -t /var/kerberos/krb5kdc/kadm5.keytab
>> Password for frank@EXAMPLE.COM:
>> *kinit(v5): Password incorrect while getting initial credentials*
>>
>> or
>>
>> in cmd when I run this instruction the below error is shown.
>>
>> [root@localhost bin]# ./psql -h 127.0.0.1 -U frank
>> *psql: krb5_sendauth: Bad application version was sent (via sendauth)*
>>
>>
>> Please help me.
>>
>>
>>
>> --
>> With Best Regards
>> Miss.KHodadadi
>>
>
>
>
> --
> With Best Regards
> Miss.KHodadadi
>
--
With Best Regards
Miss.KHodadadi
pgsql-admin by date: