Re: [Freeipa-devel] PostgreSQL + freeipa

Mon, 30 Sep 2013 07:27:21 -0700 

I know about this article, and i made it like He. But, i can't connect to
PostgreSQL =(((

On Mon, Sep 30, 2013 at 6:21 PM, Rob Crittenden <[email protected]> wrote:

> Gorbachev Ivan wrote:
>
>> Hi!
>>
>> Sorry for my English. Can you help me. I try to add PostgreSQL
>> authentication to IPA.
>>
>> Server of IPA host name - server.my.domain.local
>> database PostgreSQL host name - database.my.domain.local
>>
>> 1.    pg_hba.conf – add record
>>
>> host    all        all 192.168.0.0/24 <http://192.168.0.0/24>        gss
>>
>>
>> 2.    postgresql.conf add records:
>> # Kerberos and GSSAPI
>> krb_server_keyfile = '/var/lib/pgsql/9.2/data/pg.**keytab'
>> krb_srvname = 'postgres'        # (Kerberos only)
>>
>> 3.    Add PostgreSQL service:
>> ipa service-add postgres/server.my.domain.**local
>>
>> 4.    Create keytab:
>> ipa-getkeytab -s server.my.domain.local -p
>> postgres/database.my.domain.**[email protected]  -k
>> /var/lib/pgsql/data/9.2/pg.**keytab
>>
>> 5.    Change owner:
>> chown postgres:postgres /var/lib/pgsql/9.2/data/pg.**keytab
>>
>> 6.   restart PostgreSQL service
>>
>> 7.    Try to connect from database host:
>> psql -h database.my.domain.local
>>
>> If I try – “psql -h database.my.domain.local” command, I have an error –
>> “psql: FATAL:  role "rembo" does not exist”
>>
>> If I try –“psql -h database.my.domain.local -U [email protected]
>> <mailto:[email protected]>**” command, I have an error  “psql: FATAL:
>>
>> GSSAPI authentication failed for user [email protected]
>> <mailto:[email protected]>**"
>>
>>
>> database.my.domain.local host’s authentication method – IPA.
>>
>
> Adam got IPA working with Postgres in OpenStack and wrote a blog post
> about it: http://adam.younglogic.com/**2013/05/kerberizing-**
> postgresql-with-freeipa-for-**keystone/<http://adam.younglogic.com/2013/05/kerberizing-postgresql-with-freeipa-for-keystone/>
>
> The steps aren't directly comparable because he used puppet they look
> largely the same to me, but I've never tried to set this up. It may be
> helpful for you though.
>
> rob
>



-- 
With Best Regards
Gorbachev Ivan

_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to