Re: Does psycopg2 support Kerberos for Postgres? - Mailing list psycopg
| From | Yang Gao |
|---|---|
| Subject | Re: Does psycopg2 support Kerberos for Postgres? |
| Date | |
| Msg-id | d9a13d25e828458a9a796c3c644f3b54@exmbdft5.ad.twosigma.com Whole thread Raw |
| In response to | Re: Does psycopg2 support Kerberos for Postgres? (Adrian Klaver <adrian.klaver@aklaver.com>) |
| List | psycopg |
That's a very good question. I pulled out the 2 libqp libraries. One in the default python installation that my
psycopg2uses and the other used in my pyodbc experiment where Kerberos works.
They are of the same name, but different builds. Looks like I was using a lib without Kerberos support!
If I replace the lib with the Kerberos supporting one, everything starts to work.
Thank you very much!
A further question, does psycopg2 respect the unixODBC's odbcinst.ini and odbc.ini (didn't find it in documentation)?
Isthere way to explicitly specify the driver library?
Yang
yangg@home:/proc/24196$ ldd /home/yangg/.conda/envs/py2/lib/libpq.so.5.8
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
linux-vdso.so.1 => (0x00007ffd38db5000)
libssl.so.1.0.0 => /home/yangg/.conda/envs/py2/lib/./libssl.so.1.0.0 (0x00007fcecf7e7000)
libcrypto.so.1.0.0 => /home/yangg/.conda/envs/py2/lib/./libcrypto.so.1.0.0 (0x00007fcecf3b0000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fcecf178000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcecedeb000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fcecebe7000)
/lib64/ld-linux-x86-64.so.2 (0x0000559f3b33b000)
yangg@home:/proc/24196$ ldd
/home/yangg/vats_code/.base_universe/current-architecture/ext/public/psqlodbc/09/05/0100/dist/lib/libpq.so.5.8
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
linux-vdso.so.1 => (0x00007ffee39e1000)
libssl-opt.so.1.0.0 => /opt/openssl/1.0/lib/libssl-opt.so.1.0.0 (0x00007f0b7e1e9000)
libcrypto-opt.so.1.0.0 => /opt/openssl/1.0/lib/libcrypto-opt.so.1.0.0 (0x00007f0b7dda7000)
libgssapi_krb5.so.2 => /opt/mitkrb5/lib/libgssapi_krb5.so.2 (0x00007f0b7db61000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f0b7d92a000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0b7d59d000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0b7d398000)
libkrb5.so.3 => /opt/mitkrb5/lib/libkrb5.so.3 (0x00007f0b7d0d6000)
libk5crypto.so.3 => /opt/mitkrb5/lib/libk5crypto.so.3 (0x00007f0b7cea7000)
libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f0b7cca2000)
libkrb5support.so.0 => /opt/mitkrb5/lib/libkrb5support.so.0 (0x00007f0b7ca97000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f0b7c881000)
/lib64/ld-linux-x86-64.so.2 (0x000055ec0f899000)
-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@aklaver.com]
Sent: Tuesday, December 06, 2016 10:59 AM
To: Yang Gao; 'psycopg@postgresql.org'
Subject: Re: [psycopg] Does psycopg2 support Kerberos for Postgres?
On 12/06/2016 07:41 AM, Yang Gao wrote:
> Yes, we are trying to use sqlAlchemy over psycopg2. However, my experiments have been on standalone psycopg2. Because
Iwas working back and forth, I took the wrong connection string.
I have to apologize. I was going back over the thread to see if I missed anything and I found you did mention using
SLQAlchemyin your first post.
> Here's the exact string that I'm using in stand-alone psycopg2:
>
> 1. conn_string = "host=fqdn_hostname' dbname='dbname' krbsrvname='postgres'"
> or
> 2. conn_string = "host=fqdn_hostname' dbname='dbname'"
>
> The 1 gives the error of: psycopg2.OperationalError: invalid connection option "krbsrvname"
> The 2 gives the error of: psycopg2.OperationalError: GSSAPI
> authentication not supported
This is to the remote host, correct?
Also what are the pg_hba.conf entries for the local and remote hosts?
Where does your libpq come from?
>
> Sorry for the earlier confusion.
>
> Thanks.
>
> Yang
>
>
>
> -----Original Message-----
> From: Adrian Klaver [mailto:adrian.klaver@aklaver.com]
> Sent: Tuesday, December 06, 2016 10:32 AM
> To: Yang Gao; 'psycopg@postgresql.org'
> Subject: Re: [psycopg] Does psycopg2 support Kerberos for Postgres?
>
> On 12/06/2016 07:20 AM, Yang Gao wrote:
>> You are most likely correct about local log in.
>>
>> This is the string that I'm using:
>>
>> sqlalchemy.create_engine("postgresql+psycopg2://fqdn_of_host/db_name"
>> ) I tried adding "? krbsrvname=postgres" at the end as well, but got
>> the error aforementioned.
>
> It would have been nice to know you where using SQLAlchemy above
> psycopg2 at the beginning of this conversation.
>
> So again can you show the actual complete string you are using?
>
> Not sure if this a cut and paste error but you have:
>
> ? krbsrvname=postgres
>
> Pretty sure the space between ? and krbsrvname is not good.
>
> Also what happens if you bypass SQLAlchemy and try to connect using
> psycopg2 directly?
>
>
>>
>> Thanks.
>>
>> Yang
>>
>>
>
>
>
--
Adrian Klaver
adrian.klaver@aklaver.com