Re: Having trouble with connecting to database via kerberos
| От | Dave Page |
|---|---|
| Тема | Re: Having trouble with connecting to database via kerberos |
| Дата | |
| Msg-id | CA+OCxoztJCZijhhmGTtjPZ2Lvu6nfT3aoGVZkq=Wbd7nnAn0Pg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Having trouble with connecting to database via kerberos (Dave Page <dpage@pgadmin.org>) |
| Список | pgadmin-support |
On Fri, Aug 28, 2020 at 11:03 AM Dave Page <dpage@pgadmin.org> wrote:
HiOn Fri, Aug 28, 2020 at 9:59 AM Haskin, Daniel J <DHaskin@verisk.com> wrote:Hello!
I wonder if you folks can help me. I am having the hardest time location documentation on, or otherwise figuring out how to connect to a Kerberos-authenticated database using pgAdmin in Amazon RDS.
I can connect to the database just fine with psql + kinit on linux, but the rest of my team is on Windows and pgAdmin.
How, in general, do you connect to a Kerberos-authenticated database from pgAdmin on Windows? I haven't been able to find the answer to this question.
In particular, I am connecting to a 12.3 pgsql database hosted on amazon RDS. No matter what I try, whenever I try to auth via Kerberos, I get this error:
SSPI continuation error: The specified target is unknown or unreachable
(80090303)
If I connect using a local pg user, the connection succeeds.
If I connect using kinit + psql on linux, the connection succeeds.
If I connect using the correct host endpoint, I get the error above.
If I connect using the AWS alternative method described here[1] of connecting to <endpoint>.<aws-ad-domain>, I *still* get the error above.
Is there anyone who can help?
1: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/postgresql-kerberos-connecting.htmlpgAdmin doesn't (yet) officially support kerberos authentication. You can use SSPI if you're connecting from Windows to a Windows-hosted PostgreSQL server in a domain or on a the same machine (I actually verified that works yesterday), or you can in theory use GSSAPI to authenticate to a Linux hosted server if you're on a Linux client (I'm working on verifying that at the moment).Once I've got those scenarios working and verified, I'll move on to figuring out how to handle Windows/Mac clients connecting with GSSAPI.Note that SSPI/GSSAPI will require that you're running pgAdmin in Desktop mode. It will not work in Server mode (because the server will typically be running under a different user account). There's a feature request for that in the backlog.
FYI, I've also confirmed that Linux - Linux works with GSSAPI.
В списке pgadmin-support по дате отправления: