Postgres Pro
Downloads
Home   >   mailing lists

Re: Fwd: psql+krb5 - Mailing list pgsql-general

From rahimeh khodadadi
Subject Re: Fwd: psql+krb5
Date
Msg-id bbeb3140912012240x68b483bbjfe9370f4a1eb10ab@mail.gmail.com
Whole thread Raw
In response to Re: Fwd: psql+krb5  (Stephen Frost <sfrost@snowman.net>)
List pgsql-general
Tree view
I thanks from Stephen and Craig for their replying.
I am sorry for doing cross posting, But I did not know about it before. I had to do for solving the problem, because no one did me answer .


On Wed, Dec 2, 2009 at 5:15 AM, Stephen Frost <sfrost@snowman.net> wrote:
* Craig Ringer (craig@postnewspapers.com.au) wrote:
> I've dropped all your cross-posts; this is just going to PgSQL-general.

Thanks for that.

> On 30/11/2009 3:29 PM, rahimeh khodadadi wrote:
>
>> psql: *krb5_sendauth: Bad application version was sent (via sendauth)*
>
> Also: a search for your error message finds this post, which, while
> related to a Windows kerberos server, seems to apply:

It's the same kind of issue (wrong service name), but I think the real
problem is this:

krb_srvname = 'postgres/star@EXAMPLE.COM'

The documentation, I think, is pretty clear:
http://www.postgresql.org/docs/8.4/interactive/auth-methods.html#KERBEROS-AUTH

 PostgreSQL operates like a normal Kerberos service. The name of the
 service principal is servicename/hostname@realm.

 servicename can be set on the server side using the krb_srvname
 configuration parameter

The above should just be:

krb_srvname = 'postgres'

Or, better, just removed.  Unless you're running under a Microsoft
Active Directory Kerberos environment, the default should 'just work'.

Additionally, this is also almost certainly wrong:

krb_server_hostname = 'star'

Again, referring to the same documentation:

 hostname is the fully qualified host name of the server machine.

You really should have a proper FQDN set for this system.  I would also
recommend using a real domain rather than 'EXAMPLE.COM'.  Also, I didn't
see the version of PostgreSQL, but if you're using something recent your
auth method should really be 'gss' instead of 'krb5'.

> I don't know much about Kerberos, not I suspect do all that many people
> on the list, so I can't be of any more help.

Unfortunately, I don't pay as close attention to the lists as I wish I
could.  Kerberos with PG is actually a solution I typically recommend.

       Thanks,

               Stephen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksVxtQACgkQrzgMPqB3kihTAwCfYonsLsS1EirM+LQ89NbU+lXz
loQAn0dK1N6xco7Wdtq4m5SVPjMWaC9G
=zeD5
-----END PGP SIGNATURE-----




--
With Best Regards
Miss.KHodadadi

pgsql-general by date:

Previous
From: Sachin Srivastava
Date:
Subject: Re: how to install just client libraries on windows?
Next
From: silly8888
Date:
Subject: Re: Synchronize filenames in table with filesystem