Hi, While creating the server, have you checked the `Kerberos authentication ?' field?
On Wed, Nov 26, 2025 at 8:57 PM Haiko Sawatzky <[email protected]> wrote: > Hello. > > I've been having seemingly the same issue as in the following thread: > https://www.postgresql.org/message-id/flat/CAFOhELe6QLp1ZJevkupqE9np%3DY7GRWVd2WF_e4xbOM%2BxzO1W_A%40mail.gmail.com#0e78a396033b6d4d5922b1fa9b4ee880 > I would like to see if someone can help me diagnose what I'm doing wrong. > > My environment is: > * pgAdmin4 server version 9.10, running in a Docker container > (dpage/pgadmin4:9.10) - Ubuntu server VM > * Postgresql server configured for Kerberos authentication - Ubuntu > server VM > * Our company is using Microsoft Windows Active Directory > > What I have working: > * Logging into Postgresql directly with my Microsoft Active Directory > user using Kerberos (from Windows & Linux) > * Logging into pgAdmin web with my Microsoft Active Directory user using > Kerberos (currently only on Firefox on Windows) > > What's currently not working for me is the Kerberos authentication from > within pgAdmin to the Postgresql server. The container logs this the moment > I try to connect to the Postgresql server: > pgadmin-1 | Error: connection failed: connection to server at > "<ip-address>", port 5432 failed: GSSAPI continuation error: No credentials > were supplied, or the credentials were unavailable or inaccessible: No > Kerberos credentials available (default cache: FILE:/tmp/krb5cc_5050) > > I do however find a ticket for my Kerberos session in the cache directory: > docker exec -ti pgadmin-test-pgadmin-1 bash -c 'ls -la > /var/lib/pgadmin/krbccache/' > total 12 > drwxr-xr-x 2 pgadmin root 4096 Nov 26 09:42 . > drwxrwxr-x 6 pgadmin root 4096 Nov 26 09:42 .. > -rw------- 1 pgadmin root 1533 Nov 26 09:42 > [email protected] > > I've tried, just to see if it would do a login: > * Create an environment variable for the whole container KRB5CCNAME as > the absolute path to my Kerberos ticket in krbccache > * copy the ticket in /var/lib/pgadmin/krbccache/ to /tmp/krb5cc_5050 > The environment variable had no affect, but copying the ticket > to /tmp/krb5cc_5050 changed the error that I got to: > pgadmin-1 | Error: connection failed: connection to server at > "<ip-address>", port 5432 failed: connection to server at "<ip-address>", > port 5432 failed: GSSAPI continuation error: Unspecified GSS failure. > Minor code may provide more information: The ticket isn't for us > > Another issue I've already worked around: the documentation specifies to > set an environment variable for "KRB_KTNAME" or set "KRB_KTNAME" in the > pgAdmin config, and that this should work instead of needing to configure > "default_keytab_name" in krb5.conf. But this has not worked for me at all, > I can't go without explicitly creating a krb5.conf file that specifies > "default_keytab_name = /path/to/keytab". But as I said, when I configure > this in krb5.conf, the login into pgAdmin using Kerberos works. >
