Re: Kerberized login to Postgres database
| From | Rahimeh Khodadadi |
|---|---|
| Subject | Re: Kerberized login to Postgres database |
| Date | |
| Msg-id | CAOudTMwKsUJLm7Ryu-3JW_dydxWbaDwie5R7K0n5gwxuW9uf8Q@mail.gmail.com |
| In response to | Re: Kerberized login to Postgres database (Gémes Géza <geza@kzsdabas.hu>) |
| List | pgsql-admin |

Hi,

I use postgres/fqdn-domain-name only.

    #kadmin.local
    kadmin.local: ank -randkey postgres/aftab.example.com
    Principal "postgres/aftab.example.com@EXAMPLE.COM" created
    #ktadd -k /tmp/postgresql.keytab postgres/aftab.example.com
    Entry for principal postgres/aftab.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/tmp/postgresql.keytab.
    Entry for principal postgres/aftab.example.com with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/postgresql.keytab.
    #scp /tmp/postgresql.keytab Aftab.example.com:/usr/local/pgsql/data/postgresql.keytab
    #rm /tmp/postgresql.keytab
    #chown postgres:postgres /usr/local/pgsql/data/postgresql.keytab
    #chmod 400 /usr/local/pgsql/data/postgresql.keytab

2- I edited the parameter "krb_server_keytab" to the keytab file path

Regards
Khodadadi

On 1/11/12, Gémes Géza <geza@kzsdabas.hu> wrote:
> On 2012-01-11 at 07:44, Eugene Budanov wrote:
>> Hi!
>>
>>> I had the same problem already, but I recompiled Postgres with GSSAPI and it
>>> works correctly.
>> Very interesting. Can you send me your config files?
>>
>> ---
>> Best regards,
>> Budanov Eugene
>>
> The relevant parts of my config are below:
>
> postgresql.conf:
>
> listen_addresses = '*'
> krb_server_keyfile = '/etc/postgresql/postgres.keytab'
> krb_caseins_users = on
>
> pg_hba.conf:
>
> host all all 0.0.0.0/0 gss
>
> ktutil -k /etc/postgresql/postgres.keytab list gives:
>
> Vno  Type                     Principal                                  Aliases
>   1  aes256-cts-hmac-sha1-96  postgres/intranet.kzsdabas.hu@KZSDABAS.HU
>   1  des3-cbc-sha1            postgres/intranet.kzsdabas.hu@KZSDABAS.HU
>   1  arcfour-hmac-md5         postgres/intranet.kzsdabas.hu@KZSDABAS.HU
>
> The service is running on a Debian squeeze box, the rest of the settings
> are unrelated.
>
> Regards
>
> Geza
>
> --
> Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-admin
>

--
With Best Regards
Rahimeh Khodadadi
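
An added example, not part of the original messages: both keytabs listed in this thread hold DES, 3DES or RC4 keys, which are deprecated for Kerberos. The Python sketch below flags such entries in `ktadd` messages or a `ktutil list` table and checks that the keytab file is closed to group and other, as the `chmod 400` step intends. The function names and the `SAMPLE` string (assembled from the listings above) are assumptions made for illustration.

```python
import os
import re
import stat

# Enctypes deprecated for Kerberos: single DES (RFC 6649), 3DES and RC4 (RFC 8429).
WEAK_NAMES = re.compile(r"^(des-|des3-|arcfour-|rc4-)", re.I)
WEAK_DESCRIPTIONS = re.compile(r"^(DES |Triple DES|ArcFour)", re.I)
# Heimdal `ktutil list` row as quoted in the thread: "<vno> <enctype> <principal>"
KTUTIL_ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+@\S+)\s*$")
# `ktadd` message as quoted in the thread
KTADD_MSG = re.compile(
    r"Entry for principal (\S+) with kvno (\d+), encryption type (.+?) added to keytab")

# Constructed sample: the two listings from this thread joined into one string.
SAMPLE = """\
Entry for principal postgres/aftab.example.com with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/tmp/postgresql.keytab.
Entry for principal postgres/aftab.example.com with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/postgresql.keytab.
Vno  Type                     Principal
  1  aes256-cts-hmac-sha1-96  postgres/intranet.kzsdabas.hu@KZSDABAS.HU
  1  des3-cbc-sha1            postgres/intranet.kzsdabas.hu@KZSDABAS.HU
  1  arcfour-hmac-md5         postgres/intranet.kzsdabas.hu@KZSDABAS.HU
"""


def weak_entries(text):
    """Return (principal, kvno, enctype) for every deprecated key in the text."""
    found = []
    for line in text.splitlines():
        row = KTUTIL_ROW.match(line)
        if row and WEAK_NAMES.match(row.group(2)):
            found.append((row.group(3), int(row.group(1)), row.group(2)))
        msg = KTADD_MSG.search(line)
        if msg and WEAK_DESCRIPTIONS.match(msg.group(3)):
            found.append((msg.group(1), int(msg.group(2)), msg.group(3)))
    return found


def keytab_mode_problems(path):
    """Flag a keytab that anyone other than its owner can read or write."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return ["mode %04o grants group/other access" % mode] if mode & 0o077 else []


if __name__ == "__main__":
    for entry in weak_entries(SAMPLE):
        print("weak key:", entry)
```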