Hi ! Does anyone know how to log or debug authentication against ad? A few years ago is it was possible to log everything to confirm using the right KDC and the right principal and hereby be sure to send the right userid possible concatenated with the realm.(I can't remember exacty) As far as I can see this is not possible anymore. When using ldapsearch everything works fine.But the ldap authentication does not help much as the pg_log is just responting thd failure of credentials. Changing password using Kerberos works fine(does this use the keytab or is the KDC issuing a new ticket). The documented examples is used using cn=gssapi, cn=auth Is it possible to use cached ticket in the keytab option in postgresql.conf when enabling the use of gssapi. Sorry for a lot of questions but I thing there is a lack logs/debugging facilities now. 4-5 years ago it was no problem.
Thanks Poul