All -
I am new to Postgres and Kerberos.
That said, I built out Postgres db. I got a keytab file from AD.
I'm sure it's all sorts of wonky but I did follow instructions and got guidance.
Client based user authentication works from another linux server, after running kinit.
What I can't get working is pgadmin4 as a client.
pgadmin4 local user account to the db works.
pgadmin4 AD account "abcuser" does not work.
pgadmin4 config_local... default except
AUTHENTICATION_SOURCES = ['kerberos', 'internal']
KRB_AUTO_CREATE_USER = True
Inside pgadmin4, I set up Connection tab like this:
Hostname = xyzserver
Port = 5432
Maintenance database = postgres
Username = abcuser
Kerberos authentication? = ON
Error:
connection to server at xyzserver (10.2.3.4) failed: GSSAPI continuation error: No credentials were supplied, or the credentials were unavailable or inaccessible. No kerberos credentials available (default cache: KCM:)
postgresql.log :
GSSAPI authentication failed for user "abcuser"
Connection matched pg_hba.conf line
"host all all 10.x.y.z/8 gss include_realm=0 krb_realm=
AD.COM"
Docs talk about requiring kerberos keytab for pgadmin4 but I have 2 problems with that. 1) I don't have a registered DNS entry 2) I'm not part of the AD team. It took work to get the keytab file for the db. I'd like to avoid it for clients!