Hi,

I've recently updated from PostgreSQL 9.6 to 14 and also from Ubuntu 16.04 to 22.04.
I've done all the installation required for PostgreSQL to connect with GSSAPI 
authentication to a Windows domain.

Something is going wrong and I don't know why.
When I change the mapped user password from "postgres" to anything else, the 
connection stops working.

Log of postgres:
Unspecified GSS failure.  Minor code may provide more information: Request 
ticket server postgres/ubuntu.ad.corp....@ad.corp.com not found in keytab 
(ticket kvno 3)

Here is the ktpass command (Windows AD):

working:
ktpass -out postgres.keytab -princ postgres/ubuntu.ad.corp....@ad.corp.com 
-mapUser AD\pgsql_ubuntu -pass postgres -mapOp add -crypto AES256-SHA1 -ptype 
KRB5_NT_PRINCIPAL

not working:
ktpass -out postgres.keytab -princ postgres/ubuntu.ad.corp....@ad.corp.com 
-mapUser AD\pgsql_ubuntu -pass other_password -mapOp add -crypto AES256-SHA1 
-ptype KRB5_NT_PRINCIPAL

I put the keytab on the postgres server, the keytab file is referenced in the 
postgresql.conf file.

Here is the full procedure:

  1.  Create a user in AD for the PostgreSQL mapping (pgsql_ubuntu), always valid, 
supports AES256
  2.  Create another user for connection testing
  3.  Run the ktpass command
  4.  Put the keytab file on the pg server in /etc/postgresql, chown to 
postgres and chmod 600
  5.  postgresql.conf krb_server_keyfile = '/etc/postgresql/postgres.keytab'
  6.  pg_hba is configured to connect over gss
  7.  The Ubuntu server (postgres) is added to the domain with this command:
sudo realm join server.ad.corp.com -U Administrateur


I don't know why it works when the password is "postgres" and why I can't 
change it.

With best regards,

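The log line in the message above names a service principal and a ticket kvno that the server could not find in its keytab. The following is an added example, not part of the original message: it parses an MIT-format keytab (file format 0x0502) and reports whether it holds a key for a given principal at a given kvno. The principal name, the sample keytab bytes and the function names are constructed for illustration.

```python
import struct

def _cstr(buf, off):
    """Read a 16-bit length-prefixed string; return (text, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from an MIT keytab (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                  # negative size marks a deleted slot
            off -= size                # skip abs(size) bytes
            continue
        end, p = off + size, off + 2
        (ncomp,) = struct.unpack_from(">H", data, off)
        parts = []
        for _ in range(ncomp + 1):     # realm first, then the name components
            s, p = _cstr(data, p)
            parts.append(s)
        p += 8                         # skip name type (4) and timestamp (4)
        kvno, etype, klen = struct.unpack_from(">BHH", data, p)
        p += 5 + klen                  # 8-bit kvno, enctype, key length, key
        if end - p >= 4:               # optional 32-bit kvno overrides the 8-bit one
            (kv32,) = struct.unpack_from(">I", data, p)
            kvno = kv32 or kvno
        entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno, etype))
        off = end
    return entries

def has_key(entries, principal, kvno):
    """True if the keytab holds a key for this principal at exactly this kvno."""
    return any(p == principal and k == kvno for p, k, _ in entries)

def make_entry(principal, kvno, etype=18):
    """Build one constructed entry (18 = aes256-cts-hmac-sha1-96, dummy zero key)."""
    name, realm = principal.split("@")
    body = struct.pack(">H", name.count("/") + 1)
    for s in [realm] + name.split("/"):
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, 32) + bytes(32)
    return struct.pack(">i", len(body)) + body

# Constructed sample: the keytab holds kvno 2 for a made-up principal.
SAMPLE = b"\x05\x02" + make_entry("postgres/db.example.test@EXAMPLE.TEST", 2)
```

Calling `parse_keytab` on the bytes of the real keytab file lists the kvno and encryption type of each entry, which can then be compared with the kvno reported in the server log.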