Thread: krb_server_hostname

krb_server_hostname

From
Ludek Finstrle
Date:
Hello,

  when I read documentation for PgSQL 8.1beta3 about krb_server_hostname
I think that it's enough insert into kerberos keytab only:
krb_srvname/krb_server_hostname@REALM
But pgsql have different behaviour for:

# psql -U pgsql -h localhost template1
psql: krb5_sendauth: Server not found in Kerberos database

and

# psql -U pgsql -h dejmal template1
Welcome to psql 8.1beta3, the PostgreSQL interactive terminal.

Part of postgresql.conf:
# Kerberos
krb_server_keyfile = '/data/pgsql/pgsql.keytab'
krb_srvname = 'pgsql'
krb_server_hostname = 'dejmal'
krb_caseins_users = off

Part of pg_hba.conf (dejmal has IP 192.168.1.13):
host    all         all         127.0.0.1/32          krb5
host    all         all         192.168.1.13/32       krb5

Do you have any idea what's going wrong?

Thanks

Luf

Re: krb_server_hostname

From
"Magnus Hagander"
Date:
> Hello,
>
>   when I read documentation for PgSQL 8.1beta3 about
> krb_server_hostname I think that it's enough insert into
> kerberos keytab only:
> krb_srvname/krb_server_hostname@REALM
> But pgsql have different behaviour for:
>
> # psql -U pgsql -h localhost template1
> psql: krb5_sendauth: Server not found in Kerberos database
>
> and
>
> # psql -U pgsql -h dejmal template1
> Welcome to psql 8.1beta3, the PostgreSQL interactive terminal.
>
> Part of postgresql.conf:
> # Kerberos
> krb_server_keyfile = '/data/pgsql/pgsql.keytab'
> krb_srvname = 'pgsql'
> krb_server_hostname = 'dejmal'
> krb_caseins_users = off
>
> Part of pg_hba.conf (dejmal has IP 192.168.1.13):
> host    all         all         127.0.0.1/32          krb5
> host    all         all         192.168.1.13/32       krb5
>
> Do you have any idea what's going wrong?

postgresql.conf only affects the server. The krb_srerver_hostname
parameter is intended for virtual hosting where postgresql is listening
on a non-default interface/hostname.

For the client you must use the appropriate FQDN that will resolve to
the SPN.

//Magnus