Re: psql+krb5

To: debian-russian@lists.debian.org
Subject: Re: psql+krb5
From: Denis Feklushkin <denis.feklushkin@gmail.com>
Date: Sun, 29 Nov 2009 22:59:46 +0700
Message-id: <[🔎] 20091129225946.521c9acb@db>
In-reply-to: <bbeb3140911290325tc8870eamd6dd9fe8961bdba2@mail.gmail.com>
References: <[🔎] bbeb3140911282318p7ee124efm80da7c4029c10c91@mail.gmail.com> <20091129174504.545219cc@db> <bbeb3140911290253u59ef66e9tb6791f37b21765c9@mail.gmail.com> <20091129181833.5e00ce2e@db> <bbeb3140911290325tc8870eamd6dd9fe8961bdba2@mail.gmail.com>

On Sun, 29 Nov 2009 14:55:03 +0330
rahimeh khodadadi <rahimeh.khodadadi@gmail.com> wrote:

> These items have added after my sending.
> 
> I repeat again my configurations:
> 
> 
> *1) The configuration of  krb5.conf is:
>  [realms]
>    EXAMPLE.COM <http://example.com/> ={
>      kdc=star :88
>      admin_server=star:749
>      default_domain= example.com
> }
> .....*
> 
> 2) Then, I created principal as* "  postgres/star@EXAMPLE.COM "* and
> its password is saved in* '/usr/local/pgsql/data/postgresql.keytab' .*
> 
> (star is localhost IP, but in hosts.conf I configure like:
> 213.233.169.93 star)
> 
> 3) I setup *postgresql.conf *as below:
> 
> krb_server_keyfile = '/usr/local/pgsql/data/
> postgresql.keytab'
> krb_srvname = 'postgres/star@EXAMPLE.COM'
> krb_server_hostname = 'star'         # empty string matches any
> keytab entry krb_caseins_users = off
> 
> 4) I *create user "frank"*  in Psql .
> 
> 5) Then I set up* hba.conf :*
> 
> host    all         all         0.0.0.0/0              krb5
> host    all         all         127.0.0.1/32           krb5
> 
> When I want to connect to Postgresql, it gives error.
> 
> # *kinit frank*
> 
> [root@star bin]# *./psql -h star  -U frank  -d test*
> 
> psql: *krb5_sendauth: Bad application version was sent (via sendauth)*
> 
> I should mention that * both postgresql server and krb-server are in
> same system* and* my IP is acquring from dhcp server  of
> university*.  Where is wrong.
> 
> 2009/11/29 Denis Feklushkin <denis.feklushkin@gmail.com>
> 
> > On Sun, 29 Nov 2009 14:23:52 +0330
> > rahimeh khodadadi <rahimeh.khodadadi@gmail.com> wrote:
> >
> > > Thanks for your replying. My detail of configuration is:
> > >
> > > I try to setup kerberos authentication in Postgresql 8.1.18 on
> > > centos.
> > >
> > > But I have some problem.
> > >
> > > 1) The configuration of  krb5.conf is:
> > >  [realms]
> > >   EXAMPLE.COM <http://example.com/><http://EXAMPLE.COM
> > > <http://example.com/>> ={
> > >
> > >     kdc=star :88
> > >     admin_server=star:749
> > >     default_domain= example.com<http://example.com
> > > >
> > > > >
> > > > }
> > > > .....
> > > >
> > > > 2) Then, I created principal as "
> > > > postgres/star@EXAMPLE.COM<mailto: star@EXAMPLE.COM> " and its
> > > > password is saved in '/usr/local/pgsql/data/postgresql.keytab' .
> > > >
> > > >
> > > > (star is localhost IP, but in hosts.conf I configure like:
> > > > 213.233.169.93 star)
> > > >
> > > > 3) I setup postgresql.conf as below:
> > > >
> > > > krb_server_keyfile = '/usr/local/pgsql/data/
> > > > postgresql.keytab'
> > > > krb_srvname =
> > > > 'postgres/star@EXAMPLE.COM<mailto:star@EXAMPLE.COM>'
> > > >
> > > > krb_server_hostname = 'star'         # empty string matches any
> > > > keytab entry
> > > > krb_caseins_users = off
> > > >
> > > > 4) I create user "frank"  in Psql .
> > > >
> > > > 5) Then I set up hba.conf :
> > > >
> > > > host    all         all         0.0.0.0/0<http://0.0.0.0/0>
> > > >  krb5
> > > > host    all         all
> > > > 127.0.0.1/32<http://127.0.0.1/32> krb5
> > > >
> > > >
> > > > When I want to connect to Postgresql, it gives error.
> > > >
> > > > # kinit frank
> > > >
> > > > [root@star bin]# ./psql -h star  -U frank  -d test
> > > >
> > > > psql: krb5_sendauth: Bad application version was sent (via
> > > > sendauth)
> > > >
> > >
> > > some changes in users gives below error :
> > > "[root@www bin]# ./psql -h 213.233.168.249  -U postgres
> > >   psql: Kerberos 5 authentication rejected:  Wrong principal in
> > > request"
> > >
> > >
> > > > I should mention that  both postgresql server and krb-server
> > > > are in same system and my IP is acquring from dhcp server  of
> > > > university. Where is wrong.
> > > >
> > >
> > >
> > >
> > > 2009/11/29 Denis Feklushkin <denis.feklushkin@gmail.com>
> > >
> > > > On Sun, 29 Nov 2009 10:48:30 +0330
> > > > rahimeh khodadadi <rahimeh.khodadadi@gmail.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > When I want to connect to psql via krb5 in Linux, it gives me
> > > > > error like: "[root@www bin]# ./psql -h 213.233.168.249  -U
> > > > > postgres psql: Kerberos 5 authentication rejected:  Wrong
> > > > > principal in request"
> > > >
> > > > Что в логах KDC?
> >     ^^^^^^^^^^^^^^^^ !!!
> >
> > И ещё, в тексте который Вы дали встречаются пробелы в именах
> > принципалов и странные записи "<mailto:star@EXAMPLE.COM>"
> >
> > При настройке важно чтобы ничего этого небыло
> >
> 
> 
> 

First, debian-russian@lists.debian.org is russian-language
maillist,please write your messages in russian

Second, I am asked to send KDC logs

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- psql+krb5
  - From: rahimeh khodadadi <rahimeh.khodadadi@gmail.com>

Prev by Date: Re: zsh "без ковычек"
Next by Date: Re: 4 KDE - ЗАЧЕМ? кому это надо?
Previous by thread: psql+krb5
Next by thread: 2133 web camera
Index(es):
- Date
- Thread