Talk About Network

Google


Register and Login
Nick
Password
Register create new account Sign up is FREE and you can post replies, new topics, bookmark posts and more!
Recover lost password


Data Bases > Pgsql Admin > Re: PG 8.3 and ...
Latest [ Topics | Posts ] Archive Post A New Topic Post a Reply
<< Topic < Post Post 3 of 3 Topic 4920 of 5549
 Post > Topic >>

Re: PG 8.3 and kerberos failures

by pjkoczan@[EMAIL PROTECTED] ("Peter Koczan") Apr 22, 2008 at 10:20 AM

On Fri, Apr 18, 2008 at 12:43 PM, Peter Koczan <pjkoczan@[EMAIL PROTECTED]
> wrote:
> On Thu, Apr 17, 2008 at 11:40 AM, Peter Koczan <pjkoczan@[EMAIL PROTECTED]
>
wrote:
>  > Hi all,
>  >
>  >  I just upgraded one of my servers and I'm having a bit of trouble
>  >  getting some of the kerberos authentication bits working.
>  >  Specifically, any Kerberos instance run out of a v5srvtab doesn't
work
>  >  so well. Using stashed tickets or normal principals worked fine.
>  >  Gritty details follow.
>  >
>  >  Peter
>  >
>  >  Here are details from the specific v5srvtab's...
>  >  [root@[EMAIL PROTECTED]
 postgres]# klist -k -t /etc/v5srvtab.wsbackup
>  >  Keytab name: FILE:/etc/v5srvtab.wsbackup
>  >  KVNO Timestamp         Principal
>  >  ---- -----------------
--------------------------------------------------------
>  >   13 12/20/07 15:56:11 wsbackup/sensei.cs.wisc.edu@[EMAIL PROTECTED]
>
>  Here's what happens when I do this (it's on a different machine but
>  it's the same mechanism).
>
>  [root@[EMAIL PROTECTED]
 ~ $ su - wsbackup
>  ator(1)% kinit -f -k -t /etc/v5srvtab.wsbackup -l 1d
>  wsbackup/ator.cs.wisc.edu@[EMAIL PROTECTED]
>  ator(2)% klist
>  Ticket cache: FILE:/var/adm/krb5/tmp/tkt/krb5cc_28528
>  Default principal: wsbackup/ator.cs.wisc.edu@[EMAIL PROTECTED]
>
>  Valid starting     Expires            Service principal
>  04/18/08 12:25:00  04/19/08 12:25:00  krbtgt/CS.WISC.EDU@[EMAIL PROTECTED]
>
>
>  Kerberos 4 ticket cache: /tmp/tkt28528
>  klist: You have no tickets cached

One more thing to note, I said before that stashed tickets and login
principals "just work." Here might be something...

[koczan@[EMAIL PROTECTED]
 koczan $ klist
Ticket cache: FILE:/var/adm/krb5/tmp/tkt/krb5cc_3258_ZtKJNK
Default principal: koczan@[EMAIL PROTECTED]
 ~]# ex****t
KRB5CCNAME=/var/adm/krb5/tmp/stash/krb5cc_25555.stash
[root@[EMAIL PROTECTED]
 ~]# klist
Ticket cache: FILE:/var/adm/krb5/tmp/stash/krb5cc_25555.stash
Default principal: strivia@[EMAIL PROTECTED]
 don't contain hostname data in the default principal like the
keytab principal does, and yet they both connect fine. There could be
something to this, but I don't know what, or how to take advantage of
it.

Peter

-- 
Sent via pgsql-admin mailing list (pgsql-admin@[EMAIL PROTECTED]
)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin




 3 Posts in Topic:
PG 8.3 and kerberos failures
 pjkoczan@[EMAIL PROTECTED  2008-04-17 11:40:22 
Re: PG 8.3 and kerberos failures
 pjkoczan@[EMAIL PROTECTED  2008-04-18 12:43:20 
Re: PG 8.3 and kerberos failures
 pjkoczan@[EMAIL PROTECTED  2008-04-22 10:20:56 

Post A Reply:
  Go here to Signup

AddThis Feed Button


About - Advertising - Contact - Frequently Asked Questions - Privacy Policy - Terms of Use - Signup
Contact
tan12V112 Sat Nov 22 16:56:58 CST 2008.