<div dir="ltr"><p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">Hi! </span></p>

<p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">Sorry for my English. Can you help me. I try to add PostgreSQL
authentication to IPA.</span></p>

<p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">Server of IPA host name - server.my.domain.local</span><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black"><br>


<span style="background-repeat:initial initial">database PostgreSQL host name -
database.my.domain.local</span><br>
<br>
<span style="background-repeat:initial initial">1.    pg_hba.conf – add record
</span></span></p>

<p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">host    all        all        <a href="http://192.168.0.0/24">192.168.0.0/24</a>        gss <br>
</span><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black"><br>
<span style="background-repeat:initial initial">2.    postgresql.conf add
records:</span><br>
<span style="background-repeat:initial initial"># Kerberos and GSSAPI</span><br>
<span style="background-repeat:initial initial">krb_server_keyfile
= '/var/lib/pgsql/9.2/data/pg.keytab'</span><br>
<span style="background-repeat:initial initial">krb_srvname
= 'postgres'        # (Kerberos
only)</span><br>
<br>
<span style="background-repeat:initial initial">3.    Add PostgreSQL service:</span><br>
<span style="background-repeat:initial initial">ipa service-add postgres/server.my.domain.local</span><br>
<br>
<span style="background-repeat:initial initial">4.    Create keytab:</span><br>
<span style="background-repeat:initial initial">ipa-getkeytab -s server.my.domain.local -p
postgres/database.my.domain.local@MY.DOMAIN.LOCAL  -k
/var/lib/pgsql/data/9.2/pg.keytab</span><br>
<br>
<span style="background-repeat:initial initial">5.    Change owner:</span><br>
<span style="background-repeat:initial initial">chown postgres:postgres /var/lib/pgsql/9.2/data/pg.keytab</span><br>
<br>
<span style="background-repeat:initial initial">6.   restart PostgreSQL service</span><br>
<br>
<span style="background-repeat:initial initial">7.    Try to connect from
database host:</span><br>
<span style="background-repeat:initial initial">psql -h database.my.domain.local</span><br>
<br>
</span></p>

<p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">If I try – “psql -h database.my.domain.local” command, I have an error –
“psql: FATAL:  role "rembo" does not exist”</span></p>

<p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">If I try –“</span><span lang="EN-US"> </span><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">psql -h database.my.domain.local
-U </span><a href="mailto:rembo@MY.DOMAIN.LOCAL"><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black;text-decoration:none">rembo@MY.DOMAIN.LOCAL</span></a><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">” command, I have an
error  “psql: FATAL:  GSSAPI authentication failed for user </span><a href="mailto:rembo@MY.DOMAIN.LOCAL"><span lang="EN-US" style="color:black;text-decoration:none">rembo@MY.DOMAIN.LOCAL</span></a><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">" </span><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black"><br>


<br>
</span></p>

<p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">database.my.domain.local host’s <span style="background-repeat:initial initial">authentication method – IPA.</span></span></p>



<p class=""><span lang="EN-US" style="font-size:9pt;line-height:115%;font-family:Verdana,sans-serif;color:black">This is
PostgreSQL log:<br>
<span style="background-repeat:initial initial">DEBUG:  InitPostgres</span><br>
<span style="background-repeat:initial initial">DEBUG:  my backend ID is 1</span><br>
<span style="background-repeat:initial initial">DEBUG:  StartTransaction</span><br>
<span style="background-repeat:initial initial">DEBUG:  checkpointer updated shared
memory configuration values</span><br>
<span style="background-repeat:initial initial">DEBUG:  name:
unnamed; blockState:       DEFAULT; state:
INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children: </span><br>
<span style="background-repeat:initial initial">DEBUG:  CommitTransaction</span><br>
<span style="background-repeat:initial initial">DEBUG:  name:
unnamed; blockState:       STARTED; state:
INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children: </span><br>
<span style="background-repeat:initial initial">DEBUG:  forked new backend, pid=17203
socket=11</span><br>
<span style="background-repeat:initial initial">DEBUG:  postmaster child[17203]:
starting with (</span><br>
<span style="background-repeat:initial initial">DEBUG:    postgres</span><br>
<span style="background-repeat:initial initial">DEBUG:    rembo@MY.DOMAIN.LOCAL</span><br>
<span style="background-repeat:initial initial">DEBUG:  )</span><br>
<span style="background-repeat:initial initial">DEBUG:  InitPostgres</span><br>
<span style="background-repeat:initial initial">DEBUG:  my backend ID is 2</span><br>
<span style="background-repeat:initial initial">DEBUG:  StartTransaction</span><br>
<span style="background-repeat:initial initial">DEBUG:  name:
unnamed; blockState:       DEFAULT; state:
INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children: </span><br>
<span style="background-repeat:initial initial">DEBUG:  Processing received GSS token
of length 654</span><br>
<span style="background-repeat:initial initial">DEBUG:  gss_accept_sec_context major:
0, minor: 0, outlen: 156, outflags: 1b2</span><br>
<span style="background-repeat:initial initial">DEBUG:  sending GSS response token of
length 156</span><br>
<span style="background-repeat:initial initial">DEBUG:  sending GSS token of length
156</span><br>
<span style="background-repeat:initial initial">LOG:  provided user name
(rembo@MY.DOMAIN.LOCAL) and authenticated user name (rembo) do not match</span><br>
<span style="background-repeat:initial initial">FATAL:  GSSAPI authentication failed
for user "rembo@MY.DOMAIN.LOCAL"</span><br>
<span style="background-repeat:initial initial">DEBUG:  shmem_exit(1): 7 callbacks to
make</span><br>
<span style="background-repeat:initial initial">DEBUG:  proc_exit(1): 3 callbacks to
make</span><br>
<span style="background-repeat:initial initial">DEBUG:  exit(1)</span><br>
<span style="background-repeat:initial initial">DEBUG:  shmem_exit(-1): 0 callbacks to
make</span><br>
<span style="background-repeat:initial initial">DEBUG:  proc_exit(-1): 0 callbacks to
make</span><br>
<span style="background-repeat:initial initial">DEBUG:  reaping dead processes</span><br>
<span style="background-repeat:initial initial">DEBUG:  server process (PID 17203)
exited with exit code 1</span><br>
<br></span></p>
</div>