Hello.

I've been having seemingly the same issue as in the following thread:
https://www.postgresql.org/message-id/flat/CAFOhELe6QLp1ZJevkupqE9np%3DY7GRWVd2WF_e4xbOM%2BxzO1W_A%40mail.gmail.com#0e78a396033b6d4d5922b1fa9b4ee880
I would like to see if someone can help me diagnose what I'm doing wrong.

My environment is:
  * pgAdmin4 server version 9.10, running in a Docker container
(dpage/pgadmin4:9.10) - Ubuntu server VM
  * PostgreSQL server configured for Kerberos authentication - Ubuntu
server VM
  * Our company is using Microsoft Windows Active Directory

What I have working:
  * Logging into PostgreSQL directly with my Microsoft Active Directory
user using Kerberos (from Windows & Linux)
  * Logging into pgAdmin web with my Microsoft Active Directory user using
Kerberos (currently only on Firefox on Windows)

What's currently not working for me is the Kerberos authentication from
within pgAdmin to the PostgreSQL server. The container logs this the moment
I try to connect to the PostgreSQL server:
pgadmin-1  | Error: connection failed: connection to server at "<ip-address>", port 5432 failed: GSSAPI continuation error: No credentials were supplied, or the credentials were unavailable or inaccessible: No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_5050)

I do however find a ticket for my Kerberos session in the cache directory:
docker exec -ti pgadmin-test-pgadmin-1 bash -c 'ls -la /var/lib/pgadmin/krbccache/'
total 12
drwxr-xr-x    2 pgadmin  root          4096 Nov 26 09:42 .
drwxrwxr-x    6 pgadmin  root          4096 Nov 26 09:42 ..
-rw-------    1 pgadmin  root          1533 Nov 26 09:42 [email protected]

I've tried, just to see if it would do a login:
  * Create an environment variable for the whole container KRB5CCNAME as
the absolute path to my Kerberos ticket in krbccache
  * copy the ticket in /var/lib/pgadmin/krbccache/ to /tmp/krb5cc_5050
The environment variable had no effect, but copying the ticket
to /tmp/krb5cc_5050 changed the error that I got to:
pgadmin-1  | Error: connection failed: connection to server at "<ip-address>", port 5432 failed: connection to server at "<ip-address>", port 5432 failed: GSSAPI continuation error: Unspecified GSS failure. Minor code may provide more information: The ticket isn't for us

Another issue I've already worked around: the documentation specifies to
set an environment variable for "KRB_KTNAME" or set "KRB_KTNAME" in the
pgAdmin config, and that this should work instead of needing to configure
"default_keytab_name" in krb5.conf. But this has not worked for me at all,
I can't go without explicitly creating a krb5.conf file that specifies
"default_keytab_name = /path/to/keytab". But as I said, when I configure
this in krb5.conf, the login into pgAdmin using Kerberos works.
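
Added example (not part of the original message and not pgAdmin code): a small reader for the MIT Kerberos credential cache file format, version 4, that lists the client and service principal of each entry without using the keys, so the contents of a cache file such as the one under /var/lib/pgadmin/krbccache/ can be inspected. The names `list_ccache` and `_Reader` are this example's own, and it assumes a version 4 FILE cache.

```python
import struct

class _Reader:
    """Big-endian cursor over a ccache byte string."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0
    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated credential cache")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def num(self, fmt):                      # fmt: "B", "H" or "I"
        return struct.unpack(">" + fmt, self.take(struct.calcsize(fmt)))[0]
    def data(self):                          # 32-bit length, then the value
        return self.take(self.num("I"))
    def principal(self):
        self.num("I")                        # name type, not needed here
        count = self.num("I")
        realm = self.data().decode(errors="replace")
        parts = [self.data().decode(errors="replace") for _ in range(count)]
        return "/".join(parts) + "@" + realm

def list_ccache(buf):
    """Return (default_principal, [(client, server, endtime, is_config)])."""
    r = _Reader(buf)
    if r.take(2) != b"\x05\x04":
        raise ValueError("not a version 4 ccache file")
    r.take(r.num("H"))                       # skip the version 4 header fields
    default, creds = r.principal(), []
    while r.pos < len(buf):
        client, server = r.principal(), r.principal()
        r.num("H"); r.data()                 # keyblock: enctype and key, skipped
        _auth, _start, end, _renew = (r.num("I") for _ in range(4))
        r.num("B"); r.num("I")               # is_skey, ticket flags
        for _ in range(2):                   # address list, then authdata list
            for _ in range(r.num("I")):
                r.num("H"); r.data()
        r.data(); r.data()                   # ticket, second ticket
        # Entries in the pseudo-realm X-CACHECONF: are cache settings, not tickets.
        creds.append((client, server, end, server.endswith("@X-CACHECONF:")))
    return default, creds

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:      # path to a ccache file
        default, creds = list_ccache(fh.read())
    print("default principal:", default)
    for client, server, end, is_config in creds:
        print("config" if is_config else "ticket", client, "->", server, "expires", end)
```

An entry whose service principal is krbtgt/REALM@REALM is a ticket-granting ticket; any other service name is a ticket for that one service only.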
