On Sun, Dec 30, 2007 at 10:33:17PM +0100, Martin Pitt wrote:
> reassign 447604 postgresql-8.2
> tag 447604 needsinfo
> thanks
>
> Hi Wouter,
>
> Wouter Verhelst [2007-10-22 16:37 +0200]:
> > [EMAIL PROTECTED]: [EMAIL PROTECTED]:~$ klist
> > Ticket cache: FILE:/tmp/krb5cc_1000
> > Default principal: [EMAIL PROTECTED]
> >
> > Valid starting     Expires            Service principal
> > 10/22/07 16:24:10  10/23/07 02:24:10  krbtgt/[EMAIL PROTECTED]
> >         renew until 10/23/07 16:24:06
> >
> >
> > Kerberos 4 ticket cache: /tmp/tkt1000
> > klist: You have no tickets cached
> > [EMAIL PROTECTED]: [EMAIL PROTECTED]:~$ psql -l
> > psql: FATAL: Ident authentication failed for user "wouter"
> > [EMAIL PROTECTED]: [EMAIL PROTECTED]:~$ exit
>
> > The authentication system used by postgresql somehow picks this up and
> > runs with it, even though I didn't set up any kerberos-based
> > authentication in postgresql (and, well, the kerberos username is just
> > *wrong* if I'm trying to do ident authentication).
>
> I wonder where it takes the name 'wouter' from?

The kerberos ticket: as the klist output shows, I have a ticket for
"[EMAIL PROTECTED]", with "GREP.BE" being my kerberos realm, and "wouter"
being the principal in the kerberos ticket name, which is commonly used
as a username when it's a kerberos principal for a user.

To pick the kerberos principal as username is a perfectly reasonable
thing to do when kerberos authentication is actually in use--but only
then...

> Can you please give me the output of 'pg_lsclusters' and 'psql
> --version' and attach /etc/postgresql/*/*/pg_ident.conf ?

[EMAIL PROTECTED]:~$ pg_lsclusters
Version Cluster   Port Status Owner    Data directory                     Log file
8.1     main      5432 online postgres /var/lib/postgresql/8.1/main       /var/log/postgresql/postgresql-8.1-main.log
[EMAIL PROTECTED]:~$ psql --version
psql (PostgreSQL) 8.1.10
contains support for command-line editing
[EMAIL PROTECTED]:~$ exit

pg_ident.conf contains only comments (the default ones, I've never
touched that file)

I haven't tried this with 8.2 yet; but if you want, I can do that.

-- 
<Lo-lan-do> Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22
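
A quick check for the mismatch described in this message, as an added example that is not part of the original thread: it pulls the first component of the default principal out of `klist` output and compares it with the OS account name that ident authentication will see. The sample `klist` text, the names `alice`, `bob` and `EXAMPLE.ORG`, and both function names are constructed for illustration; `PGUSER` and `psql -U` are the standard ways to name the database user explicitly.

```shell
#!/bin/sh
# Constructed sample of `klist` output; the principal is a made-up placeholder.
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.ORG

Valid starting     Expires            Service principal
10/22/07 16:24:10  10/23/07 02:24:10  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG'

# krb_primary (hypothetical helper): reads klist output on stdin and prints
# the first component of the default principal, e.g. "alice" for
# alice@EXAMPLE.ORG or alice/admin@EXAMPLE.ORG. Prints nothing if no ticket.
krb_primary() {
    sed -n 's/^Default principal: *\([^/@]*\).*/\1/p' | head -n 1
}

# check_default_user OS_USER (hypothetical helper): klist output on stdin.
# Returns 0 when there is no ticket or the names agree, 1 when the principal
# differs from the OS account, which is the case reported in this thread.
check_default_user() {
    os_user=$1
    primary=$(krb_primary)
    if [ -z "$primary" ]; then
        echo "no-ticket: no default principal found"
        return 0
    fi
    if [ "$primary" = "$os_user" ]; then
        echo "match: principal and OS user are both '$os_user'"
        return 0
    fi
    echo "mismatch: principal '$primary' vs OS user '$os_user'; set PGUSER=$os_user or pass -U $os_user"
    return 1
}

# Live use on a real host:
#   klist 2>/dev/null | check_default_user "$(id -un)"
```

A `mismatch` verdict means a client that defaults to the principal name will request a database user that ident cannot confirm, so naming the user explicitly avoids the failure until the client is fixed.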