
I have set up authentication with PostgreSQL 12 using GSSAPI on CentOS. I followed an example: https://paquier.xyz/manuals/postgresql/kerberos/. But when I finished and ran the following to connect with GSSAPI:

psql -U "postgres/myrealm.example@MYREALM.EXAMPLE" -h myrealm.example postgres

I got an error:

psql: FATAL: could not accept GSSAPI security context

FATAL: accepting GSS security context failed

DETAIL: Unspecified GSS failure. Minor code may provide more information: Key table entry not found

I want to know if I'm missing any configuration steps/commands or implementing something wrong. Any kind of help is highly appreciated. Thanks in advance.

tranmanhthang

1 Answer


Reason for problem

I ran into this same issue and spent a couple days debugging it. The issue ended up being that PostgreSQL was not configured to use the keytab that I thought I was using.

I had tried putting my keytab in the following locations:

  • /etc/krb5.keytab
  • /usr/local/pgsql/etc/krb5.keytab

And I tried setting the following in /var/lib/postgresql/data/postgresql.conf:

krb_server_keyfile = /etc/krb5.keytab

This should have worked, but I think because I was using PostgreSQL through a Docker container, the config wasn't being honored properly. I also tried doing a SHOW ALL query which also showed the expected entry of krb_server_keyfile = /etc/krb5.keytab

Solution

Finally, I set the environment variable KRB5_KTNAME=/etc/krb5.keytab and then my keytab got used.

Andy Guibert
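
A diagnostic sketch for the failure described in the answer above, added here as an example and not part of the original posts: it reads KRB5_KTNAME from a server process's environment dump and checks `klist -k` output for the service key. The function names, the constructed sample keytab listing, and the assumption that the expected service principal is postgres/myrealm.example@MYREALM.EXAMPLE are illustrative.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sample data are constructed for illustration.

# Strip the optional FILE: prefix that MIT Kerberos allows on keytab names.
keytab_path() { printf '%s\n' "${1#FILE:}"; }

# Read KRB5_KTNAME from a NUL-separated environment dump such as /proc/<pid>/environ.
# Prints nothing when the variable is not set for that process.
ktname_from_environ() {
    tr '\0' '\n' < "$1" | sed -n 's/^KRB5_KTNAME=//p'
}

# Succeed if `klist -k` output on stdin lists the principal $1 (use -k, not -kt).
keytab_has_principal() {
    awk -v want="$1" '
        /^-+/ { in_entries = 1; next }          # entries follow the dashed rule
        in_entries && $2 == want { found = 1 }  # $1 is the KVNO, $2 the principal
        END { exit !found }'
}

# Constructed sample: a keytab that holds a host key but no postgres/ service key.
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 host/myrealm.example@MYREALM.EXAMPLE
EOF
}

# Live use inside the container (commented out so the block runs without a server):
#   pid=$(head -n 1 /var/lib/postgresql/data/postmaster.pid)
#   kt=$(keytab_path "$(ktname_from_environ "/proc/$pid/environ")")
#   # an empty $kt means the process did not have KRB5_KTNAME set
#   klist -k "$kt" | keytab_has_principal "postgres/myrealm.example@MYREALM.EXAMPLE"

if sample_klist | keytab_has_principal "postgres/myrealm.example@MYREALM.EXAMPLE"; then
    echo "service key present in this keytab"
else
    echo "no postgres/ service key here: server would report 'Key table entry not found'"
fi
```

Run the live commands as the same user and in the same container as the PostgreSQL server process, so that the keytab path and file permissions match what the server actually sees.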