otan / gopgkrb5 Goto Github PK

Adds the dependencies necessary for Go PG drivers to access krb5.

License: MIT License

Go 100.00%

gopgkrb5's Issues

can't set krbspn and krbsrvname

Hello! I am currently trying to use your library along with pgx and pgconn. The thing is - I can't set neither krbspn nor krbsrvname parameter

Code

package main

import (
	"context"
	"github.com/jackc/pgconn"
	"github.com/jackc/pgx/v4"
	"github.com/otan/gopgkrb5"
	"github.com/sirupsen/logrus"
)

func init() {
	pgconn.RegisterGSSProvider(func() (pgconn.GSS, error) { return gopgkrb5.NewGSS() })
}

func main() {

	conf, err := pgx.ParseConfig("postgres://[email protected]:nopassword@postgres:5432/vault?krbsrvname=postgres1&sslmode=disable")
	if err != nil {
		panic(err)
	}

	logrus.Info(conf.Config.RuntimeParams)

	conn, err := pgx.ConnectConfig(context.Background(), conf)
	defer conn.Close(context.Background())
	if err != nil {
		panic(err)
	}

	res, err := conn.Query(context.Background(), "SELECT * FROM information_schema.tables;")
	if err != nil {
		panic(err)
	}
	logrus.Println(res.Values())
	return
}

And it panics with
panic: failed to connect to host=postgres [email protected] database=vault: failed GSS auth (kerberos error (InitSecContext): [R
oot cause: KDC_Error] KDC_Error: TGS Exchange Error: kerberos error response from KDC when requesting for postgres/postgres: KRB Error: (7)
KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database - LOOKING_UP_SERVER)

The KDC works perfectly, because I can connect with GSSAPI using psql without any promlem. The thing is, when I try to override krbsrvname, it is not changing (as i can tell from panic message)

Packages versions I am using:

github.com/jackc/pgconn v1.12.0
github.com/jackc/pgx/v4 v4.16.0
github.com/otan/gopgkrb5 v1.0.1
github.com/sirupsen/logrus v1.8.1

Keytab support when connecting

I added some functionality to connect using keytab instead of ticket cache

How can I get a kvno for keytab, by a separate request, or in another way?

I want to create a keytab, but for that I need a valid kvno. Is it possible to make some kind of http request (or otherwise) to get a kvno?

Unable to use GSSAPI encryption

I really don't know if it's something wrong with gokrb5 library, or pgx, but just for sure I will duplicate issue from pgx library here: jackc/pgx#1220

I am using kerberos authentication to connect to postgres. In pg_hba.conf there is a separate host type hostgssenc, which enables secure data transport between client and server. If I use this line:

host all all 0.0.0.0/0 gss include_realm=1 krb_realm=DOMAIN1.LOCAL

everything works fine. However, the connection is not secure.
If I change host to hostgssenc, I get this error:

failed to connect to host=postgres user=[email protected] database=vault: server error (FATAL: no pg_hba.conf entry for host "172.18.0.2", user "[email protected]", database "vault", no encryption (SQLSTATE 28000))

If I connect to postgres via psql, the connection becomes secure along with authentication.

otan / gopgkrb5 Goto Github PK

gopgkrb5's Introduction

gopgkrb5's People

Contributors

Stargazers

Watchers

Forkers

gopgkrb5's Issues

can't set krbspn and krbsrvname

Code

Packages versions I am using:

Keytab support when connecting

How can I get a kvno for keytab, by a separate request, or in another way?

Unable to use GSSAPI encryption

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent