Re: PG 8.3 and kerberos failures
From | Peter Koczan |
---|---|
Subject | Re: PG 8.3 and kerberos failures |
Date | |
Msg-id | 4544e0330804220820y27e07184k1148d0e5e358ac1a@mail.gmail.com |
In response to | Re: PG 8.3 and kerberos failures ("Peter Koczan" <pjkoczan@gmail.com>) |
List | pgsql-admin |
On Fri, Apr 18, 2008 at 12:43 PM, Peter Koczan <pjkoczan@gmail.com> wrote:
> On Thu, Apr 17, 2008 at 11:40 AM, Peter Koczan <pjkoczan@gmail.com> wrote:
> > Hi all,
> >
> > I just upgraded one of my servers and I'm having a bit of trouble
> > getting some of the kerberos authentication bits working.
> > Specifically, any Kerberos instance run out of a v5srvtab doesn't work
> > so well. Using stashed tickets or normal principals worked fine.
> > Gritty details follow.
> >
> > Peter
> >
> > Here are details from the specific v5srvtab's...
> > [root@sensei postgres]# klist -k -t /etc/v5srvtab.wsbackup
> > Keytab name: FILE:/etc/v5srvtab.wsbackup
> > KVNO Timestamp Principal
> > ---- ----------------- --------------------------------------------------------
> > 13 12/20/07 15:56:11 wsbackup/sensei.cs.wisc.edu@CS.WISC.EDU
>
> Here's what happens when I do this (it's on a different machine but
> it's the same mechanism).
>
> [root@ator] ~ $ su - wsbackup
> ator(1)% kinit -f -k -t /etc/v5srvtab.wsbackup -l 1d
> wsbackup/ator.cs.wisc.edu@CS.WISC.EDU
> ator(2)% klist
> Ticket cache: FILE:/var/adm/krb5/tmp/tkt/krb5cc_28528
> Default principal: wsbackup/ator.cs.wisc.edu@CS.WISC.EDU
>
> Valid starting Expires Service principal
> 04/18/08 12:25:00 04/19/08 12:25:00 krbtgt/CS.WISC.EDU@CS.WISC.EDU
>
>
> Kerberos 4 ticket cache: /tmp/tkt28528
> klist: You have no tickets cached

One more thing to note, I said before that stashed tickets and login
principals "just work." Here might be something...

[koczan@ator] koczan $ klist
Ticket cache: FILE:/var/adm/krb5/tmp/tkt/krb5cc_3258_ZtKJNK
Default principal: koczan@CS.WISC.EDU
...

[root@mitchell ~]# export KRB5CCNAME=/var/adm/krb5/tmp/stash/krb5cc_25555.stash
[root@mitchell ~]# klist
Ticket cache: FILE:/var/adm/krb5/tmp/stash/krb5cc_25555.stash
Default principal: strivia@CS.WISC.EDU
...

They don't contain hostname data in the default principal like the
keytab principal does, and yet they both connect fine.

There could be something to this, but I don't know what, or how to
take advantage of it.

Peter