Hi! Sorry for my English. Can you help me? I am trying to add PostgreSQL authentication to IPA.
IPA server host name: server.my.domain.local
PostgreSQL database host name: database.my.domain.local

1. pg_hba.conf - add the record:

    host all all 192.168.0.0/24 gss

2. postgresql.conf - add the records:

    # Kerberos and GSSAPI
    krb_server_keyfile = '/var/lib/pgsql/9.2/data/pg.keytab'
    krb_srvname = 'postgres' # (Kerberos only)

3. Add the PostgreSQL service:

    ipa service-add postgres/server.my.domain.local

4. Create the keytab:

    ipa-getkeytab -s server.my.domain.local -p postgres/[email protected] -k /var/lib/pgsql/data/9.2/pg.keytab

5. Change the owner:

    chown postgres:postgres /var/lib/pgsql/9.2/data/pg.keytab

6. Restart the PostgreSQL service.

7. Try to connect from the database host:

    psql -h database.my.domain.local

If I run the command "psql -h database.my.domain.local", I get the error:

    psql: FATAL: role "rembo" does not exist

If I run the command "psql -h database.my.domain.local -U [email protected]", I get the error:

    psql: FATAL: GSSAPI authentication failed for user [email protected]

The authentication method of the database.my.domain.local host is IPA.
This is the PostgreSQL log:

    DEBUG: InitPostgres
    DEBUG: my backend ID is 1
    DEBUG: StartTransaction
    DEBUG: checkpointer updated shared memory configuration values
    DEBUG: name: unnamed; blockState: DEFAULT; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
    DEBUG: CommitTransaction
    DEBUG: name: unnamed; blockState: STARTED; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
    DEBUG: forked new backend, pid=17203 socket=11
    DEBUG: postmaster child[17203]: starting with (
    DEBUG: postgres
    DEBUG: [email protected]
    DEBUG: )
    DEBUG: InitPostgres
    DEBUG: my backend ID is 2
    DEBUG: StartTransaction
    DEBUG: name: unnamed; blockState: DEFAULT; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
    DEBUG: Processing received GSS token of length 654
    DEBUG: gss_accept_sec_context major: 0, minor: 0, outlen: 156, outflags: 1b2
    DEBUG: sending GSS response token of length 156
    DEBUG: sending GSS token of length 156
    LOG: provided user name ([email protected]) and authenticated user name (rembo) do not match
    FATAL: GSSAPI authentication failed for user "[email protected]"
    DEBUG: shmem_exit(1): 7 callbacks to make
    DEBUG: proc_exit(1): 3 callbacks to make
    DEBUG: exit(1)
    DEBUG: shmem_exit(-1): 0 callbacks to make
    DEBUG: proc_exit(-1): 0 callbacks to make
    DEBUG: reaping dead processes
    DEBUG: server process (PID 17203) exited with exit code 1
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
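
Added example (not part of the original message, and not PostgreSQL's own code): a simplified Python model of how the server compares the requested role with the GSSAPI-authenticated name once gss_accept_sec_context has succeeded, following the documented include_realm, krb_realm and map options of the gss method in pg_hba.conf. The realm EXAMPLE.REALM, the dict-based map and the function names are assumptions made for the illustration.

```python
# Added illustration: a simplified model (not PostgreSQL source code) of the name
# check the server applies after gss_accept_sec_context has succeeded.
REALM = "EXAMPLE.REALM"  # constructed placeholder; the post's realm is redacted


def authenticated_name(principal, include_realm=False, krb_realm=None):
    """Name that gets compared with the requested role.

    include_realm=False mirrors include_realm=0, the default before PostgreSQL 9.5.
    """
    user, _, realm = principal.partition("@")
    if krb_realm is not None and realm != krb_realm:
        raise PermissionError(f"realm {realm!r} does not match krb_realm")
    return principal if (include_realm and realm) else user


def gss_role_check(requested_role, principal, include_realm=False,
                   krb_realm=None, usermap=None):
    """Return (ok, message). usermap is a dict {authenticated name: set of roles},
    a literal-match stand-in for a pg_ident.conf map (real maps also allow regexes)."""
    auth = authenticated_name(principal, include_realm, krb_realm)
    if usermap is None:
        ok = requested_role == auth      # no map: the two names must be identical
    else:
        ok = requested_role in usermap.get(auth, set())
    if ok:
        return True, f"name check passed; role {requested_role!r} must still exist"
    return False, (f"provided user name ({requested_role}) and "
                   f"authenticated user name ({auth}) do not match")


def demo():
    principal = f"rembo@{REALM}"         # constructed Kerberos principal
    return {
        "-U with realm, realm stripped": gss_role_check(principal, principal),
        "bare role, realm stripped": gss_role_check("rembo", principal),
        "-U with realm, include_realm=1":
            gss_role_check(principal, principal, include_realm=True),
        "mapped to another role":
            gss_role_check("app", principal, usermap={"rembo": {"app"}}),
    }


if __name__ == "__main__":
    for label, (ok, msg) in demo().items():
        print(f"{label:32} {'OK  ' if ok else 'FAIL'} {msg}")
```

The first case reproduces the LOG line in the post; the second passes the name check, after which the connection still needs an existing database role of that name.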
