Y Y Y
otan / gopgkrb5 Goto Github PK
View Code? Open in Web Editor NEWAdds the dependencies necessary for Go PG drivers to access krb5.
License: MIT License
Adds the dependencies necessary for Go PG drivers to access krb5.
License: MIT License
Hello! I am currently trying to use your library along with pgx and pgconn. The thing is - I can't set neither krbspn nor krbsrvname parameter
package main
import (
"context"
"github.com/jackc/pgconn"
"github.com/jackc/pgx/v4"
"github.com/otan/gopgkrb5"
"github.com/sirupsen/logrus"
)
func init() {
pgconn.RegisterGSSProvider(func() (pgconn.GSS, error) { return gopgkrb5.NewGSS() })
}
func main() {
conf, err := pgx.ParseConfig("postgres://[email protected]:nopassword@postgres:5432/vault?krbsrvname=postgres1&sslmode=disable")
if err != nil {
panic(err)
}
logrus.Info(conf.Config.RuntimeParams)
conn, err := pgx.ConnectConfig(context.Background(), conf)
defer conn.Close(context.Background())
if err != nil {
panic(err)
}
res, err := conn.Query(context.Background(), "SELECT * FROM information_schema.tables;")
if err != nil {
panic(err)
}
logrus.Println(res.Values())
return
}
And it panics with
panic: failed to connect to host=postgres [email protected] database=vault
: failed GSS auth (kerberos error (InitSecContext): [R
oot cause: KDC_Error] KDC_Error: TGS Exchange Error: kerberos error response from KDC when requesting for postgres/postgres: KRB Error: (7)
KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database - LOOKING_UP_SERVER)
The KDC works perfectly, because I can connect with GSSAPI using psql without any promlem. The thing is, when I try to override krbsrvname, it is not changing (as i can tell from panic message)
github.com/jackc/pgconn v1.12.0
github.com/jackc/pgx/v4 v4.16.0
github.com/otan/gopgkrb5 v1.0.1
github.com/sirupsen/logrus v1.8.1
I added some functionality to connect using keytab instead of ticket cache
I want to create a keytab, but for that I need a valid kvno. Is it possible to make some kind of http request (or otherwise) to get a kvno?
I really don't know if it's something wrong with gokrb5 library, or pgx, but just for sure I will duplicate issue from pgx library here: jackc/pgx#1220
I am using kerberos authentication to connect to postgres. In pg_hba.conf there is a separate host type hostgssenc, which enables secure data transport between client and server. If I use this line:
host all all 0.0.0.0/0 gss include_realm=1 krb_realm=DOMAIN1.LOCAL
everything works fine. However, the connection is not secure.
If I change host to hostgssenc, I get this error:
failed to connect to host=postgres user=[email protected] database=vault: server error (FATAL: no pg_hba.conf entry for host "172.18.0.2", user "[email protected]", database "vault", no encryption (SQLSTATE 28000))
If I connect to postgres via psql, the connection becomes secure along with authentication.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.