Thank you for your suggestion. I arrived at the same suspicion. And that was
it. Reverse DNS was not set up correctly.
Fra: Michael van der Kolff
Sendt: 6. juni 2022 15:50
Til: Niels Jespersen
Cc: pgsql-general list
Emne: Re: GSSAPI authentication
From the tiny bit I know about this, and a bi
> take a look at libpqtypes. it's client side extension library to libpq that
> implements the binary protocol.
>
> https://github.com/pgagarinov/libpqtypes
>
> merlin
Thx, Merlin… I’ll have a look see…
>From the tiny bit I know about this, and a bit of googling, I arrived at
https://stackoverflow.com/questions/13850252/cannot-get-kerberos-service-ticket-krbexception-server-not-found-in-kerberos-d
.
It seems to suggest that either the KDC or your service account might have
bad PTR records, and yo
Oh wait, I see.
On Mon, Jun 6, 2022 at 11:41 PM Michael van der Kolff <
mvanderko...@gmail.com> wrote:
> The part that you're missing, I think, is that Kerberized services require
> a service account.
>
> The SPN (service principal name) is the name that is used in Kerberos
> contexts for that se
The part that you're missing, I think, is that Kerberized services require
a service account.
The SPN (service principal name) is the name that is used in Kerberos
contexts for that service account. PostgreSQL uses
postgres/${hostname}@${realm}
by default - see https://www.postgresql.org/docs/14/g
Fra: Michael van der Kolff
Sendt: 6. juni 2022 14:26
Til: Niels Jespersen
Cc: pgsql-general list
Emne: Re: GSSAPI authentication
>This sounds like your PG service was unable to authenticate itself to AD.
>
>There's probably a trick to that somewhere - AD doesn't really want to be a
>Kerberos s
Looking closely at a configuration guide for MSSQL with Kerberos
authentication, I see this part:
https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-ver16#Manual.
It looks like it might be adapted to your
This sounds like your PG service was unable to authenticate itself to AD.
There's probably a trick to that somewhere - AD doesn't really want to be a
Kerberos server, it just happens to use it 😉
On Mon, 6 June 2022, 10:05 pm Niels Jespersen, wrote:
> Hello all
>
>
>
> We are running Postgres 14
Hello all
We are running Postgres 14 on Ubuntu. Our Windows users connect passwordless
using GSSAPI. This works great.
Now we want users on Linux client to also connect passwordless using GSSAPI.
Users on Linux log on using their Active Directory credentials, as the Linux
host (Ubuntu 22.04) i
