BUG #17523: Postgresql Kerberos PAM authentication
From | PG Bug reporting form |
---|---|
Subject | BUG #17523: Postgresql Kerberos PAM authentication |
Date | |
Msg-id | 17523-68131514d577ff23@postgresql.org |
List | pgsql-bugs |
The following bug has been logged on the website:

Bug reference: 17523
Logged by: Alex
Email address: alexander@kopylov.us
PostgreSQL version: 13.6
Operating system: Centos
Description:

Hi,

The pam_krb5 module (PAM with Kerberos 5) can be used to let any service communicate with FreeIPA for Kerberos (authentication) and host-based access policy (authorization).

pam_krb5 doesn't work with PostgreSQL, but any web or app server understands this PAM module correctly.

When I have an active TGT ticket then my request is authenticated successfully: the credential cache is filled with the TGS postgres/hostname@REALM. However, postgres authorization fails.

The pam_sss.so module works well, but it is only password authentication that doesn't use Kerberos tickets.

For example, the Apache web server can use pam_sss for Kerberos (mod_auth_gssapi) and PAM (mod_authnz_pam), but the postgres server cannot do this.

error message:

2022-06-18 03:49:02.346 EDT [71176] LOG: pam_authenticate failed: Module is unknown
2022-06-18 03:49:02.346 EDT [71176] FATAL: PAM authentication failed for user "username"
2022-06-18 03:49:02.346 EDT [71176] DETAIL: Connection matched pg_hba.conf line 90: "host all username 0.0.0.0/0 pam pamservice=postgresql"

cat /etc/pam.d/postgresql
auth sufficient pam_krb5.so
account pam_krb5.so
password sufficient pam_krb5.so use_authtok
session optional pam_krb5.so
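Added example, not part of the original report or of PostgreSQL: a small linter for a Linux-PAM service file such as the /etc/pam.d/postgresql quoted above. It checks that every rule has the type, control and module-path fields and that the module file exists. The function name, the module directory list and the injectable module_exists callback are assumptions of this example.

```python
import os
import re

TYPES = {"auth", "account", "password", "session"}
SIMPLE_CONTROLS = {"required", "requisite", "sufficient", "optional",
                   "include", "substack"}
# Assumed module directories; adjust for the distribution in use.
MODULE_DIRS = ("/usr/lib64/security", "/lib64/security",
               "/usr/lib/security", "/lib/security")
# type, control (keyword or [value=action ...]), optional module path, optional args
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)(?:\s+(\S+))?(?:\s+(.*))?$")

# The service file from the report, one rule per line.
SAMPLE = """auth sufficient pam_krb5.so
account pam_krb5.so
password sufficient pam_krb5.so use_authtok
session optional pam_krb5.so
"""

def _on_disk(path):
    """True if the module exists as an absolute path or in a module directory."""
    if os.path.isabs(path):
        return os.path.isfile(path)
    return any(os.path.isfile(os.path.join(d, path)) for d in MODULE_DIRS)

def lint_pam_service(text, module_exists=_on_disk):
    """Return (line_number, message) findings for the text of a pam.d service file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = RULE.match(line)
        if not m:
            findings.append((n, "rule has fewer than two fields"))
            continue
        rtype, control, module, _args = m.groups()
        if rtype.lstrip("-") not in TYPES:
            findings.append((n, f"unknown type {rtype!r}"))
        if not (control in SIMPLE_CONTROLS or control.startswith("[")):
            findings.append((n, f"{control!r} is not a control flag"))
        if module is None:
            findings.append((n, "no module path after the control field"))
        elif control not in ("include", "substack") and not module_exists(module):
            findings.append((n, f"module {module!r} not found"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_pam_service(SAMPLE):
        print(f"line {n}: {msg}")
```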