Hi all,

I would like to, but can't seem to get Kerberos working for local
connections.

Here are the last few lines of my pg_hba.conf:

# TYPE DATABASE USER IP-ADDRESS IP_MASK METHOD
local all all krb5
hostssl all all 128.105.0.0 255.255.0.0 krb5
hostssl all all 198.133.224.0 255.255.255.0 krb5

Here's what trying to connect got me (first locally, then via the
network and SSL).

[koczan@mitchell(1)] ~ $ psql postgres
psql: FATAL: missing or erroneous pg_hba.conf file
HINT: See server log for details.
[koczan@mitchell(2)] ~ $ psql -h mitchell -p 5432 postgres
psql: FATAL: missing or erroneous pg_hba.conf file
HINT: See server log for details.

And here are the last few lines of the server log.

Jul 9 19:58:16 mitchell postgres[10730]: [2-1] LOG: connection received: host=mitchell.cs.wisc.edu port=53829
Jul 9 19:58:16 mitchell postgres[10730]: [3-1] LOG: missing field in file "/scratch.1/postgres/testing-8.2/pg_hba.conf" at end of line 69
Jul 9 19:58:16 mitchell postgres[10730]: [4-1] FATAL: missing or erroneous pg_hba.conf file
Jul 9 19:58:16 mitchell postgres[10730]: [4-2] HINT: See server log for details.
Jul 9 19:58:16 mitchell postgres[10731]: [2-1] LOG: connection received: host=mitchell.cs.wisc.edu port=53830
Jul 9 19:58:16 mitchell postgres[10731]: [3-1] LOG: missing field in file "/scratch.1/postgres/testing-8.2/pg_hba.conf" at end of line 69
Jul 9 19:58:16 mitchell postgres[10731]: [4-1] FATAL: missing or erroneous pg_hba.conf file
Jul 9 19:58:16 mitchell postgres[10731]: [4-2] HINT: See server log for details.

If I change the method to trust, it works, so it looks like krb5 isn't
supported for local connections, at least not on the surface. I'd also
like to get away from trust authentication because of the wonderful
security problems it entails.

Has anyone done this? Is this even possible? It's not a huge deal if it
can't be done, but I'd like to know.

Peter