All - I am new to Postgres and Kerberos. That said, I built out Postgres db. I got a keytab file from AD. I'm sure it's all sorts of wonky but I did follow instructions and got guidance.
Client based user authentication works from another linux server, after running kinit. What I can't get working is pgadmin4 as a client. pgadmin4 local user account to the db works. pgadmin4 AD account "abcuser" does not work. pgadmin4 config_local... default except AUTHENTICATION_SOURCES = ['kerberos', 'internal'] KRB_AUTO_CREATE_USER = True Inside pgadmin4, I set up Connection tab like this: Hostname = xyzserver Port = 5432 Maintenance database = postgres Username = abcuser Kerberos authentication? = ON *Error*: connection to server at xyzserver (10.2.3.4) failed: GSSAPI continuation error: No credentials were supplied, or the credentials were unavailable or inaccessible. No kerberos credentials available (default cache: KCM:) *postgresql.log :* GSSAPI authentication failed for user "abcuser" Connection matched pg_hba.conf line "host all all 10.x.y.z/8 gss include_realm=0 krb_realm=AD.COM" Docs talk about requiring kerberos keytab for pgadmin4 but I have 2 problems with that. 1) I don't have a registered DNS entry 2) I'm not part of the AD team. It took work to get the keytab file for the db. I'd like to avoid it for clients!
