Hello all
We are running Postgres 14 on Ubuntu. Our Windows users connect passwordless
using GSSAPI. This works great.
Now we want users on Linux client to also connect passwordless using GSSAPI.
Users on Linux log on using their Active Directory credentials, as the Linux
host (Ubuntu 22.04) is joined to the domain. Logon to Linux works fine, access
to Windows cifs shares works fine authentication with Kerberos.
But psql won't connect using GSSAPI. It does hit the right pg_hba.conf line and
the username is translated via pg_ident.conf, just fine. But psql says
psql: error: connection to server at "srvpostgres4.xxx.local" (172.30.33.30),
port 1609 failed: could not initiate GSSAPI security context: Unspecified GSS
failure. Minor code may provide more information: Server not found in Kerberos
database connection to server at "srvpostgres4.xxx.local" (172.30.33.30), port
1609 failed: GSSAPI continuation error: Unspecified GSS failure. Minor code
may provide more information: Server not found in Kerberos database
Server log is like this
2022-06-06 08:14:01.176
CEST,"yyy","db1",474094,"172.30.32.213:33556",627e83c9.73bee,2,"authentication",2022-06-06
08:14:01 CEST,2/14544,0,FATAL,28000,"GSSAPI authentication failed for user
""yyy""","Connection matched pg_hba.conf line 15: ""host all all
172.0.0.0/8 gss map=xxxlocal include_realm=0
krb_realm=""XXX.LOCAL""""",,,,,,,,"","client backend",,-3382135431624836920
We are a bit lost here. What are we missing?
Regards Niels Jespersen
