Hello All,

I am trying to configure PostgreSQL 9.6 (on CentOS 7.4) with Kerberos (Active 
Directory) via GSSAPI authentication and I'm getting the following error:

[postgres@hostname data]$ psql  -h hostname -U usern...@domain.com postgres
psql: GSSAPI continuation error: Unspecified GSS failure.  Minor code may 
provide more information
GSSAPI continuation error: Server not found in Kerberos database

I did the following configuration:

1.- Create KeyTab in Active Directory:
ktpass -out postgres_instance.keytab -princ postgres/hostnamename.domain....@domain.com -mapUser svcPostgres -pass <password> -crypto all -ptype KRB5_NT_PRINCIPAL

2.- Copy the keytab to Linux Server on $PGDATA and change the privileges to 
postgres:postgres
3.- Configure postgresql.conf
krb_server_keyfile = '/<INSTANCA_NAME>/data/postgres_instance.keytab'

4.- Configure /etc/krb5.conf

5.- Request a ticket to the KDC server using kinit (this works OK!)

[postgres@hostname ~]$ klist
Ticket cache: KEYRING:persistent:26:krb_ccache_AO0Y1kx
Default principal: usern...@domain.com

Valid starting       Expires              Service principal
01/30/2018 11:01:59  01/30/2018 21:01:59  krbtgt/domain....@domain.com
        renew until 02/06/2018 11:01:55


6.- Configure pg_hba.conf
host    all    all    0.0.0.0/0    gss include_realm=1
7.- Create user in PG to test:
create user "usern...@domain.com" WITH SUPERUSER;

8.- Testing
[postgres@hostname data]$ psql  -h hostname -U usern...@domain.com postgres
psql: GSSAPI continuation error: Unspecified GSS failure.  Minor code may 
provide more information
GSSAPI continuation error: Server not found in Kerberos database

I tried generating the keytab with "postgres" and "POSTGRES" user as an SPN, but I 
get the same error.

Any suggestion is welcome!

Thanks in advance for your help!

Jorge
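
Added example, not part of the original message: "Server not found in Kerberos database" is what the client reports when the KDC has no entry for the service principal it requested, so one check is to compare the name psql will request (service/host@REALM) with the principals listed by `klist -k` for the keytab. The host db01.example.com, the realm EXAMPLE.COM, the keytab listing and the function names are constructed for illustration, and the script assumes the Kerberos library does not rewrite the host name via DNS.

```shell
#!/bin/sh
# Added example (not from the original post). Host, realm and keytab path
# below are constructed placeholders.

# Constructed sample of plain `klist -k <keytab>` output.
SAMPLE_KEYTAB_LISTING='Keytab name: FILE:/path/to/postgres_instance.keytab
KVNO Principal
---- ------------------------------------------------------------
   3 postgres/db01.example.com@EXAMPLE.COM
   3 postgres/db01.example.com@EXAMPLE.COM
'

# SPN the client asks the KDC for: <service>/<host>@<REALM>.
# $1 = host as given to psql -h, $2 = realm, $3 = service (default: postgres).
# Assumption: the Kerberos library does not rewrite the host via DNS.
expected_spn() {
    printf '%s/%s@%s\n' "${3:-postgres}" "$1" "$2"
}

# Read `klist -k` text on stdin, print the unique principals it lists.
keytab_principals() {
    awk 'after_rule && NF >= 2 { print $2 } /^----/ { after_rule = 1 }' | sort -u
}

# check_spn HOST REALM [SERVICE] < klist-output
# Returns 0 on exact match, 1 if only the letter case differs, 2 if absent.
check_spn() {
    want=$(expected_spn "$1" "$2" "$3")
    have=$(keytab_principals)
    if printf '%s\n' "$have" | grep -Fxq -- "$want"; then
        echo "OK: $want is in the keytab"
        return 0
    fi
    if printf '%s\n' "$have" | grep -Fxiq -- "$want"; then
        # Keytab lookups compare principal names case-sensitively.
        echo "CASE MISMATCH: $want differs from a keytab entry only by case"
        return 1
    fi
    echo "MISSING: $want; keytab contains:"
    printf '%s\n' "$have" | sed 's/^/  /'
    return 2
}

# Demo: a short host name does not match the FQDN stored in the keytab.
printf '%s' "$SAMPLE_KEYTAB_LISTING" | check_spn db01 EXAMPLE.COM || true
```

On a real server, pipe the output of `klist -k` for the configured keytab into `check_spn` with the exact host passed to `psql -h`.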
