---------- Forwarded message ---------- From: rahimeh khodadadi <rahimeh.khodad...@gmail.com> Date: 2009/11/29 Subject: Re: psql+krb5 To: Denis Feklushkin <denis.feklush...@gmail.com>
These items have added after my sending. I repeat again my configurations: * 1) The configuration of krb5.conf is: [realms] EXAMPLE.COM <http://example.com/> ={ kdc=star :88 admin_server=star:749 default_domain= example.com } .....* 2) Then, I created principal as* " postgres/s...@example.com "* and its password is saved in* '/usr/local/pgsql/data/postgresql.keytab' .* (star is localhost IP, but in hosts.conf I configure like: 213.233.169.93 star) 3) I setup *postgresql.conf *as below: krb_server_keyfile = '/usr/local/pgsql/data/ postgresql.keytab' krb_srvname = 'postgres/s...@example.com' krb_server_hostname = 'star' # empty string matches any keytab entry krb_caseins_users = off 4) I *create user "frank"* in Psql . 5) Then I set up* hba.conf :* host all all 0.0.0.0/0 krb5 host all all 127.0.0.1/32 krb5 When I want to connect to Postgresql, it gives error. # *kinit frank* [r...@star bin]# *./psql -h star -U frank -d test* psql: *krb5_sendauth: Bad application version was sent (via sendauth)* I should mention that * both postgresql server and krb-server are in same system* and* my IP is acquring from dhcp server of university*. Where is wrong. 2009/11/29 Denis Feklushkin <denis.feklush...@gmail.com> > On Sun, 29 Nov 2009 14:23:52 +0330 > rahimeh khodadadi <rahimeh.khodad...@gmail.com> wrote: > > > Thanks for your replying. My detail of configuration is: > > > > I try to setup kerberos authentication in Postgresql 8.1.18 on centos. > > > > But I have some problem. > > > > 1) The configuration of krb5.conf is: > > [realms] > > EXAMPLE.COM <http://example.com/><http://EXAMPLE.COM > > <http://example.com/>> ={ > > > > kdc=star :88 > > admin_server=star:749 > > default_domain= example.com<http://example.com > > > > > > > > > > } > > > ..... > > > > > > 2) Then, I created principal as " postgres/s...@example.com<mailto: > > > s...@example.com> " and its password is saved in > > > '/usr/local/pgsql/data/postgresql.keytab' . > > > > > > > > > (star is localhost IP, but in hosts.conf I configure like: > > > 213.233.169.93 star) > > > > > > 3) I setup postgresql.conf as below: > > > > > > krb_server_keyfile = '/usr/local/pgsql/data/ > > > postgresql.keytab' > > > krb_srvname = 'postgres/s...@example.com<mailto:s...@example.com>' > > > > > > krb_server_hostname = 'star' # empty string matches any > > > keytab entry > > > krb_caseins_users = off > > > > > > 4) I create user "frank" in Psql . > > > > > > 5) Then I set up hba.conf : > > > > > > host all all 0.0.0.0/0<http://0.0.0.0/0> > > > krb5 > > > host all all 127.0.0.1/32<http://127.0.0.1/32> > > > krb5 > > > > > > > > > When I want to connect to Postgresql, it gives error. > > > > > > # kinit frank > > > > > > [r...@star bin]# ./psql -h star -U frank -d test > > > > > > psql: krb5_sendauth: Bad application version was sent (via sendauth) > > > > > > > some changes in users gives below error : > > "[r...@www bin]# ./psql -h 213.233.168.249 -U postgres > > psql: Kerberos 5 authentication rejected: Wrong principal in > > request" > > > > > > > I should mention that both postgresql server and krb-server are in > > > same system and my IP is acquring from dhcp server of university. > > > Where is wrong. > > > > > > > > > > > 2009/11/29 Denis Feklushkin <denis.feklush...@gmail.com> > > > > > On Sun, 29 Nov 2009 10:48:30 +0330 > > > rahimeh khodadadi <rahimeh.khodad...@gmail.com> wrote: > > > > > > > Hi, > > > > > > > > When I want to connect to psql via krb5 in Linux, it gives me > > > > error like: "[r...@www bin]# ./psql -h 213.233.168.249 -U > > > > postgres psql: Kerberos 5 authentication rejected: Wrong > > > > principal in request" > > > > > > Что в логах KDC? > ^^^^^^^^^^^^^^^^ !!! > > И ещё, в тексте который Вы дали встречаются пробелы в именах > принципалов и странные записи "<mailto:s...@example.com>" > > При настройке важно чтобы ничего этого небыло > -- With Best Regards Miss.KHodadadi -- With Best Regards Miss.KHodadadi