Fwd: psql+krb5

Fwd: psql+krb5

am 30.11.2009 08:29:35 von rahimeh khodadadi

--0016e6d784ee7840540479919ac2
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable

---------- Forwarded message ----------
From: rahimeh khodadadi
Date: 2009/11/29
Subject: Re: psql+krb5
To: Denis Feklushkin


These items have added after my sending.

I repeat again my configurations:


*
1) The configuration of krb5.conf is:
[realms]
EXAMPLE.COM =3D{

kdc=3Dstar :88
admin_server=3Dstar:749
default_domain=3D example.com
}
......*

2) Then, I created principal as* " postgres/star@EXAMPLE.COM "* and its
password is saved in* '/usr/local/pgsql/data/postgresql.keytab' .*


(star is localhost IP, but in hosts.conf I configure like: 213.233.169.93
star)

3) I setup *postgresql.conf *as below:

krb_server_keyfile =3D '/usr/local/pgsql/data/
postgresql.keytab'
krb_srvname =3D 'postgres/star@EXAMPLE.COM'

krb_server_hostname =3D 'star' # empty string matches any keytab en=
try
krb_caseins_users =3D off

4) I *create user "frank"* in Psql .

5) Then I set up* hba.conf :*

host all all 0.0.0.0/0 krb5
host all all 127.0.0.1/32 krb5


When I want to connect to Postgresql, it gives error.

# *kinit frank*

[root@star bin]# *./psql -h star -U frank -d test*

psql: *krb5_sendauth: Bad application version was sent (via sendauth)*

I should mention that * both postgresql server and krb-server are in same
system* and* my IP is acquring from dhcp server of university*. Where is
wrong.

2009/11/29 Denis Feklushkin

> On Sun, 29 Nov 2009 14:23:52 +0330
> rahimeh khodadadi wrote:
>
> > Thanks for your replying. My detail of configuration is:
> >
> > I try to setup kerberos authentication in Postgresql 8.1.18 on centos.
> >
> > But I have some problem.
> >
> > 1) The configuration of krb5.conf is:
> > [realms]
> > EXAMPLE.COM > > > =3D{
> >
> > kdc=3Dstar :88
> > admin_server=3Dstar:749
> > default_domain=3D example.com > > >
> > > >
> > > }
> > > .....
> > >
> > > 2) Then, I created principal as " postgres/star@EXAMPLE.COM > > > star@EXAMPLE.COM> " and its password is saved in
> > > '/usr/local/pgsql/data/postgresql.keytab' .
> > >
> > >
> > > (star is localhost IP, but in hosts.conf I configure like:
> > > 213.233.169.93 star)
> > >
> > > 3) I setup postgresql.conf as below:
> > >
> > > krb_server_keyfile =3D '/usr/local/pgsql/data/
> > > postgresql.keytab'
> > > krb_srvname =3D 'postgres/star@EXAMPLE.COM'
> > >
> > > krb_server_hostname =3D 'star' # empty string matches any
> > > keytab entry
> > > krb_caseins_users =3D off
> > >
> > > 4) I create user "frank" in Psql .
> > >
> > > 5) Then I set up hba.conf :
> > >
> > > host all all 0.0.0.0/0
> > > krb5
> > > host all all 127.0.0.1/32
> > > krb5
> > >
> > >
> > > When I want to connect to Postgresql, it gives error.
> > >
> > > # kinit frank
> > >
> > > [root@star bin]# ./psql -h star -U frank -d test
> > >
> > > psql: krb5_sendauth: Bad application version was sent (via sendauth)
> > >
> >
> > some changes in users gives below error :
> > "[root@www bin]# ./psql -h 213.233.168.249 -U postgres
> > psql: Kerberos 5 authentication rejected: Wrong principal in
> > request"
> >
> >
> > > I should mention that both postgresql server and krb-server are in
> > > same system and my IP is acquring from dhcp server of university.
> > > Where is wrong.
> > >
> >
> >
> >
> > 2009/11/29 Denis Feklushkin
> >
> > > On Sun, 29 Nov 2009 10:48:30 +0330
> > > rahimeh khodadadi wrote:
> > >
> > > > Hi,
> > > >
> > > > When I want to connect to psql via krb5 in Linux, it gives me
> > > > error like: "[root@www bin]# ./psql -h 213.233.168.249 -U
> > > > postgres psql: Kerberos 5 authentication rejected: Wrong
> > > > principal in request"
> > >
> > > þÔ=CF =D7 ÌÏÇÁ=C8 KDC?
> ^^^^^^^^^^^^^^^^ !!!
>
> =E9 ÅÝ=A3, =D7 ÔÅËÓÔÅ ËÏÔÏÒÙ=CA ÷Ù ÄÁ=
ÌÉ ×ÓÔÒÅÞÁÀÔÓ=D1 ÐÒÏÂÅÌ=D9 =D7 ÉÍ=
ÅÎÁÈ
> ÐÒÉÎÃÉÐÁÌÏ=D7 =C9 ÓÔÒÁÎÎÙÅ ÚÁ=D0=
ÉÓ=C9 ""
>
> ðÒ=C9 ÎÁÓÔÒÏÊË=C5 ×ÁÖÎ=CF ÞÔÏÂ=D9 =CE=
ÉÞÅÇ=CF ÜÔÏÇ=CF ÎÅÂÙÌÏ
>



--=20
With Best Regards
Miss.KHodadadi



--=20
With Best Regards
Miss.KHodadadi

--0016e6d784ee7840540479919ac2
Content-Type: text/html; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable



---------- Forwarded message ----------<=
br>From: rahimeh khodadadi tr"><rahimeh.khodadadi@gm=
ail.com>

Date: 2009/11/29
Subject: Re: psql+krb5
To: Denis Feklushkin < ref=3D"mailto:denis.feklushkin@gmail.com">denis.feklushkin@g mail.com>=
;


These items have added after my sending.
=9A
I repeat a=
gain my configurations:

=9A

1) The configuration of=9A=
krb5.conf is:
=9A[realms]
šš /" target=3D"_blank">EXAMPLE.COM =3D{



šššš kdc=3Dstar :88
šššš admin_server=3Dstar:749
=9A=
šš=9A default_domain=3D k">example.com
}
.....

2) Then, I created princi=
pal as "=9A postgres/ _blank">star@EXAMPLE.COM " and its password is saved in =
9;/usr/local/pgsql/data/postgresql.keytab' .





(star is localhost IP, but in hosts.conf I configure like: 213.233.169.=
93 =9A star)

3) I setup postgresql.conf as below:

krb_=
server_keyfile =3D '/usr/local/pgsql/data/
=3D"2">
postgresql.keytab'

krb_srvname =3D 'postgres/ "_blank">star@EXAMPLE.COM'

krb_server_hostname=
=3D 'star'šš =9A šš=9A # empty string matches any keytab e=
ntry
krb_caseins_users =3D off




4) I create user "frank"=9A in Psql .

5) Then I=
set up hba.conf :

hostšš=9A allšššššš=
šš allšššššššš blank">0.0.0.0/0šššššššššššš=9A krb5

hostšš=9A allšššššššš allšššššššš ef=3D"http://127.0.0.1/32" target=3D"_blank">127.0.0.1/32šššš=
šššššš krb5





When I want to connect to Postgresql, it gives error.

# kinit fr=
ank

[root@star bin]# ./psql -h star=9A -U frank=9A -d test >





psql: krb5_sendauth: Bad application version w=
as sent (via sendauth)


I should men=
tion that=9A both postgresql server and krb-server are in same system > and my IP is acquring from dhcp server=9A of university.=9A Where =
is wrong.


=3D"gmail_quote">
2009/11/29 Denis Feklushkin < eklushkin@gmail.com" target=3D"_blank">denis.feklushkin@gmail.com> span>
rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

On Sun, 29 Nov 2009 14:23:52 +0330

> Thanks for your replying. My detail of configuration is: >
>

> I try to setup kerberos authentication in Postgresql 8.1.18 on centos.=


>

> But I have some problem.

>

> 1) The configuration of =9Akrb5.conf is:

> =9A[realms]

> =9A EXAMPLE.COM=
 <http://example.c=
om/><http://EXAM=
PLE.COM



> <http://example.c=
om/>> =3D{

>

> =9A =9A kdc=3Dstar :88

> =9A =9A admin_server=3Dstar:749

> =9A =9A default_domain=3D ank">example.com<ht=
tp://example.com

> >

> > >

> > }

> > .....

> >

> > 2) Then, I created principal as " =9Apostgres/ lto:star@EXAMPLE.COM" target=3D"_blank">star@EXAMPLE.COM<mailto:

> > star@EXAMPL=
E.COM> " and its password is saved in

> > '/usr/local/pgsql/data/postgresql.keytab' .

> >

> >

> > (star is localhost IP, but in hosts.conf I configure like:

> > 213.233.169.93 star)

> >

> > 3) I setup postgresql.conf as below:

> >

> > krb_server_keyfile =3D '/usr/local/pgsql/data/

> > postgresql.keytab'

> > krb_srvname =3D 'postgres/ target=3D"_blank">star@EXAMPLE.COM<mailto: AMPLE.COM" target=3D"_blank">star@EXAMPLE.COM>'

> >

> > krb_server_hostname =3D 'star' =9A =9A =9A =9A # empty st=
ring matches any

> > keytab entry

> > krb_caseins_users =3D off

> >

> > 4) I create user "frank" =9Ain Psql .

> >

> > 5) Then I set up hba.conf :

> >

> > host =9A =9Aall =9A =9A =9A =9A all =9A =9A =9A =9A tp://0.0.0.0/0" target=3D"_blank">0.0.0.0/0< 0/0" target=3D"_blank">http://0.0.0.0/0>

> > =9Akrb5

> > host =9A =9Aall =9A =9A =9A =9A all =9A =9A =9A =9A tp://127.0.0.1/32" target=3D"_blank">127.0.0.1/32< 127.0.0.1/32" target=3D"_blank">http://127.0.0.1/32>

> > =9A krb5

> >

> >

> > When I want to connect to Postgresql, it gives error.

> >

> > # kinit frank

> >

> > [root@star bin]# ./psql -h star =9A-U frank =9A-d test

> >

> > psql: krb5_sendauth: Bad application version was sent (via sendau=
th)

> >

>

> some changes in users gives below error :

> "[root@www bin]# ./psql -h 213.233.168.249 =9A-U postgres

> =9A psql: Kerberos 5 authentication rejected: =9AWrong principal in >
> request"

>

>

> > I should mention that =9Aboth postgresql server and krb-server ar=
e in

> > same system and my IP is acquring from dhcp server =9Aof universi=
ty.

> > Where is wrong.

> >

>

>

>

> 2009/11/29 Denis Feklushkin < il.com" target=3D"_blank">denis.feklushkin@gmail.com>

>

> > On Sun, 29 Nov 2009 10:48:30 +0330

> > rahimeh khodadadi < om" target=3D"_blank">rahimeh.khodadadi@gmail.com> wrote:

> >

> > > Hi,

> > >

> > > When I want to connect to psql via krb5 in Linux, it gives m=
e

> > > error like: "[root@www bin]# ./psql -h 213.233.168.249 =
=9A-U

> > > postgres psql: Kerberos 5 authentication rejected: =9AWrong<=
br>
> > > principal in request"

> >

> > þÔ=CF =D7 ÌÏÇÁ=C8 KDC?

=9A =9A^^^^^^^^^^^^^^^^ !!!



=E9 ÅÝ=A3, =D7 ÔÅËÓÔÅ ËÏÔÏÒÙ=CA ÷Ù ÄÁ=
ÌÉ ×ÓÔÒÅÞÁÀÔÓ=D1 ÐÒÏÂÅÌ=D9 =D7 ÉÍ=
ÅÎÁÈ

ÐÒÉÎÃÉÐÁÌÏ=D7 =C9 ÓÔÒÁÎÎÙÅ ÚÁÐÉ=
ÓÉ "<mailto: k">star@EXAMPLE.COM>"



ðÒ=C9 ÎÁÓÔÒÏÊË=C5 ×ÁÖÎ=CF ÞÔÏÂ=D9 =CE=
ÉÞÅÇ=CF ÜÔÏÇ=CF ÎÅÂÙÌÏ




iv class=3D"h5">--
With Best Regards
Miss.KHodadadi




--
With Best Regards
Mis=
s.KHodadadi


--0016e6d784ee7840540479919ac2--