Upgraded from F21 to F22 (yes, waited to last minute), and psql krb auth is broken. postgresql-9.4.5-1.fc22.x86_64 % psql -h DBHOST DBNAME KRB_USER psql: Kerberos 5 authentication not supported Did we compile with gssapi support?
It does appear to load the libs though. $ strace psql -h DBHOST DBNAME KRB_USER 2>&1 |egrep -i 'krb|gss|kerb' open("/lib64/libgssapi_krb5.so.2", O_RDONLY|O_CLOEXEC) = 3 open("/lib64/libkrb5.so.3", O_RDONLY|O_CLOEXEC) = 3 open("/lib64/libkrb5support.so.0", O_RDONLY|O_CLOEXEC) = 3 write(2, "psql: Kerberos 5 authentication "..., 46psql: Kerberos 5 authentication not supported
Mike, for the upgrade -- have you used 'postgresql-setup'? That could mean that you have new configuration (namely pg_hba.conf). While the old configuration is backed-up in '/var/lib/pgsql/data-old/pg_hba.conf. Here is the f22 build log (--with-gssapi was used): https://kojipkgs.fedoraproject.org//packages/postgresql/9.4.5/1.fc22/data/logs/x86_64/build.log
This is an intentional upstream change, cf http://www.postgresql.org/docs/9.4/static/release-9-4.html * Remove native support for Kerberos authentication (--with-krb5, etc) (Magnus Hagander) The supported way to use Kerberos authentication is with GSSAPI. The native code has been deprecated since PostgreSQL 8.3. I take it you're trying to use 9.4+ psql with some older server version? You should be able to switch the auth type in the server's pg_hba.conf from krb5 to gss without too much trouble.
Yes, using psql to talk to an older server (8.2.14 looks like). However I do not control that server. Thanks for the info. I'll see what I can do.
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.