Hi !
Does anyone know how to log or debug authentication against ad?
A few years ago is it was possible to log everything to confirm using the
right KDC and the right principal and hereby be sure to send the right
userid possible concatenated with the realm.(I can't remember exacty) As far as I can see this is not possible anymore. When using ldapsearch everything works fine.But the ldap authentication does not help much as the pg_log is just responting thd failure of credentials. Changing password using Kerberos works fine(does this use the keytab or is the KDC issuing a new ticket).
The documented examples is used using cn=gssapi, cn=auth
Is it possible to use cached ticket in the keytab option in postgresql.conf
when enabling the use of gssapi.
Sorry for a lot of questions but I thing there is a lack logs/debugging
facilities now. 4-5 years ago it was no problem.
Thanks
Poul