configuration kerberos in Postgre sql
am 11.10.2009 15:36:02 von rahimeh khodadadi--0015174766d6edc5050475a8e446
Content-Type: text/plain; charset=ISO-8859-1
Hi,
after compling the postgresql --with-krb5 and setting up the krb5-server in
centos, I configured the *postgresql.conf* as bellow:
*krb_server_keyfile = '/var/kerberos/krb5kdc/kadm5.keytab'*
*krb_srvname = 'POSTGRES' * # (Kerberos only)
#krb_caseins_users = off
and
my *pg_hba.conf* is :
# "local" is for Unix domain socket connections only
local all postgres trust
# IPv4 local connections:
host all *frank* 0.0.0.0/0 krb5
#host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
,and kdc.conf
kdcdefaults]
v4_mode = nopreauth
kdc_tcp_ports = 88
[realms]
EXAMPLE.COM = {
#master_key_type = des3-hmac-sha1
* acl_file = /var/kerberos/krb5kdc/kadm5.acl*
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal
des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4
des-cbc-crc:afs3
}
Then, I created the user frank as :
kadmin.local
Authenticating as principal rahimeh/admin@EXAMPLE.COM with password.
kadmin.local: * ank frank*
WARNING: no policy specified for frank@EXAMPLE.COM; defaulting to no policy
Enter password for principal "frank@EXAMPLE.COM":
Re-enter password for principal "frank@EXAMPLE.COM":
*kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab frank*
Entry for principal frank with kvno 2, encryption type Triple DES cbc mode
with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type ArcFour with HMAC/md5
added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type DES with HMAC/sha1
added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type DES cbc mode with
RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Finally, it gives error like:
[root@localhost ~]# *kinit frank* -t /var/kerberos/krb5kdc/kadm5.keytab
Password for frank@EXAMPLE.COM:
*kinit(v5): Password incorrect while getting initial credentials*
or
in cmd when I run this instruction the below error is shown.
[root@localhost bin]# ./psql -h 127.0.0.1 -U frank
*psql: krb5_sendauth: Bad application version was sent (via sendauth)*
Please help me.
--
With Best Regards
Miss.KHodadadi
--0015174766d6edc5050475a8e446
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Hi,
after compling the postgresql --with-krb5=A0 and setting up the=
krb5-server in centos, I configured the postgresql.conf as bellow:<=
br>
krb_server_keyfile =3D '/var/kerberos/krb5kdc/kadm5.keytab=
9;
krb_srvname =3D 'POSTGRES'=A0 =A0 # (Kerberos on=
ly)
#krb_caseins_users =3D off
=A0
and
my pg_hba.conf<=
/b> is :
# "local" is for Unix domain socket connections o=
nly
local all postgres =
trust
# IPv4 local connections:
host all fran=
k =A0=
krb5
#host =A0 all =A0=
=A0 all 127.0.0.1/3=
2 =A0 trust
# IPv6 local connections:
host =A0 all all=
::1/128 =
trust
,and kdc.conf
kdcdefaults]
=A0v4_mode =3D nopre=
auth
=A0kdc_tcp_ports =3D 88
[realms]
=A0
MPLE.COM">EXAMPLE.COM =3D {
=A0 #master_key_type =3D des3-hmac-sha1
=A0 acl_file =3D /var/kerbero=
s/krb5kdc/kadm5.acl
=A0 dict_file =3D /usr/share/dict/words
=A0 a=
dmin_keytab =3D /var/kerberos/krb5kdc/kadm5.keytab
=A0 supported_enctype=
s =3D des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cb=
c-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
=A0}
=A0
Then, I created the user frank=A0 as :
=A0kadmin.loca=
l
Authenticating as principal rahimeh/
M">admin@EXAMPLE.COM with password.
kadmin.local:=A0 ank frank
>
WARNING: no policy specified for =
frank@EXAMPLE.COM; defaulting to no policy
Enter password for principal "fra=
nk@EXAMPLE.COM":
Re-enter password for principal "
=3D"mailto:frank@EXAMPLE.COM">frank@EXAMPLE.COM":
kadmi=
n.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab frank
Entry for principal frank with kvno 2, encryption type Triple DES cbc mode =
with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
r>Entry for principal frank with kvno 2, encryption type ArcFour with HMAC/=
md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal frank with kvno 2, encryption type DES with HMAC/sha1 a=
dded to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for prin=
cipal frank with kvno 2, encryption type DES cbc mode with RSA-MD5 added to=
keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Finally, it gives error like:
[root@localhost ~]# kinit frank=
-t /var/kerberos/krb5kdc/kadm5.keytab
Password for
o:frank@EXAMPLE.COM">frank@EXAMPLE.COM:
kinit(v5): Password inco=
rrect while getting initial credentials
or
in cmd when I run this instruction the below error is shown.=
[root@localhost bin]# ./psql -h 127.0.0.1=A0 -U frank
psql: k=
rb5_sendauth: Bad application version was sent (via sendauth)
Please help me.
--
With Best Regards
Miss.KHodada=
di
--0015174766d6edc5050475a8e446--