[Freeipa-users] freeipa and postgresql

Fereyre Jerome jerome.fereyre at bull.net
Wed Sep 15 15:10:12 UTC 2010


Hi Rob,
> I don't know anything about kerberizing postgres but I would guess 
> that you created a service keytab for psql, is that right? 
Yes, I have created a service keytab for postgres.

> Check the permissions of the keytab. Permission denied usually means 
> that the server can't read its own keytab.

Thank you.
You were right. I have changed the file ownership to set the postgres 
user as file owner and I don't have the
permission denied message anymore :)

> If this doesn't fix it can you outline what you've done so far in 
> configuring psql?
I am moving forward with the configuration, but there are always some issues 
that I don't understand... but they are closer to
postgres than to Kerberos.
I have configured a user called jeradm in postgres and created a 
principal in freeipa/kerberos called jeradm@MYIPA.ORG.
I need to do (starting from another user account):
     su - jeradm;
     kinit jeradm;
     psql -d postgres -h ipa0

to connect to the database with the jeradm account.

If I stay as the root system user and do:
     kinit jeradm;
     psql -d postgres -h ipa0

PostgreSQL prevents me from connecting to the database and in the log I 
have messages like
     [ipa0][postgres] FATAL:  GSSAPI authentication failed for user "root"
     [ipa0][postgres] LOG:  provided username (root) and authenticated username (jeradm) don't match

In my rookie understanding of Kerberos, psql will have to use my ticket 
to identify the user to use for the connection... but
it keeps using my current Linux user account...

I think that I have missed something....

Thank you Rob :)
Jérôme
>
> rob
>
>
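
Added example, not part of the original message or of PostgreSQL's code: a small Python model of the two name decisions behind the log lines quoted above, namely which role the client requests (-U, then PGUSER, then the OS account name) and which name the server derives from the Kerberos ticket. The function names are hypothetical, and realm stripping is assumed to be in effect because the log shows the authenticated username as jeradm without the realm; the third case, with -U, goes beyond the two in the message.

```python
# Added illustration (not from the thread): models the two name decisions
# behind the log lines quoted in the message.

def requested_role(os_user, dash_u=None, pguser=None):
    """Role name the client asks for: -U, else PGUSER, else the OS account."""
    return dash_u or pguser or os_user

def authenticated_name(principal, include_realm=False):
    """Name the server derives from the ticket's client principal."""
    name, _, _realm = principal.partition("@")
    # Assumption: realm is stripped, as the page's log line suggests.
    return principal if include_realm else name

def gss_login(os_user, principal, dash_u=None, pguser=None, include_realm=False):
    """Return (allowed, log_line) for a gss pg_hba.conf entry with no map=."""
    role = requested_role(os_user, dash_u, pguser)
    auth = authenticated_name(principal, include_realm)
    if role == auth:
        # Success text is this model's own wording, not server output.
        return True, f"{role}: requested role matches authenticated name"
    return False, (f"provided username ({role}) and authenticated "
                   f"username ({auth}) don't match")

# Constructed cases: the first two mirror the message, the third adds -U.
CASES = [
    ("su - jeradm; kinit jeradm; psql", dict(os_user="jeradm")),
    ("root; kinit jeradm; psql", dict(os_user="root")),
    ("root; kinit jeradm; psql -U jeradm", dict(os_user="root", dash_u="jeradm")),
]

if __name__ == "__main__":
    for label, kw in CASES:
        ok, line = gss_login(principal="jeradm@MYIPA.ORG", **kw)
        print(f"{'OK  ' if ok else 'FAIL'} {label:38} {line}")
```

The ticket only proves who the caller is; the role is a separate claim made by the client, and the server refuses the login when the two differ rather than substituting one for the other.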




