Bug 1288607
Summary: | missing kerberos/gssapi support in psql | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mike McLean <mikem> |
Component: | postgresql | Assignee: | Pavel Raiskup <praiskup> |
Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | devrim, hhorak, jmlich83, jstanek, pkajaba, praiskup, tgl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-07-19 18:34:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mike McLean
2015-12-04 17:38:16 UTC
It does appear to load the libs though. $ strace psql -h DBHOST DBNAME KRB_USER 2>&1 |egrep -i 'krb|gss|kerb' open("/lib64/libgssapi_krb5.so.2", O_RDONLY|O_CLOEXEC) = 3 open("/lib64/libkrb5.so.3", O_RDONLY|O_CLOEXEC) = 3 open("/lib64/libkrb5support.so.0", O_RDONLY|O_CLOEXEC) = 3 write(2, "psql: Kerberos 5 authentication "..., 46psql: Kerberos 5 authentication not supported Mike, for the upgrade -- have you used 'postgresql-setup'? That could mean that you have new configuration (namely pg_hba.conf). While the old configuration is backed-up in '/var/lib/pgsql/data-old/pg_hba.conf. Here is the f22 build log (--with-gssapi was used): https://kojipkgs.fedoraproject.org//packages/postgresql/9.4.5/1.fc22/data/logs/x86_64/build.log This is an intentional upstream change, cf http://www.postgresql.org/docs/9.4/static/release-9-4.html * Remove native support for Kerberos authentication (--with-krb5, etc) (Magnus Hagander) The supported way to use Kerberos authentication is with GSSAPI. The native code has been deprecated since PostgreSQL 8.3. I take it you're trying to use 9.4+ psql with some older server version? You should be able to switch the auth type in the server's pg_hba.conf from krb5 to gss without too much trouble. Yes, using psql to talk to an older server (8.2.14 looks like). However I do not control that server. Thanks for the info. I'll see what I can do. Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. |