Join Log in
Score:0
folow avatar Server

pgadmin4 using kerberos authentication returns error "Kerberos authentication failed. Couldn't find kerberos ticket"

ru flag
folow
  1. My environment:
  • MIT Kerberos server on Red Hat 8.8
  • PostgreSQL server v15.3 on Red Hat 8.8
  • PostgreSQL client v15.3 on Ubuntu 22.04 Desktop

  1. I have configured PostgreSQL server to use Kerberos. On my Ubuntu Desktop where PostgreSQL client is installed, I can successfully establish Kerberos connection with PostgreSQL server using psql client.

  2. On Ubuntu Desktop I have installed pgadmin4 using apache2 server following instructions: https://computingforgeeks.com/how-to-install-pgadmin-4-on-ubuntu/ I can successfully login into pgadmin4 using internal pgadmin4 connection and I can establish PostgreSQL connection with PostgreSQL server that does NOT use Kerberos. I think pgadmin4 is correctly setup.

  3. Now I would like to establish Kerberos authentication with pgadmin4 to PostgreSQL Kerberos configured server. I have followed official documentation: https://www.pgadmin.org/docs/pgadmin4/latest/kerberos.html and also watched youtube video: https://www.youtube.com/watch?v=EDg6I21kCak - I can follow and configure everything like in doc and video, but finally when I open Firefox 113 browser, type in URL: http://desktop.example.com/pgadmin4/browser/ and pgadmin4 web page loads, but in top right corner there is error message displayed: "Kerberos authentication failed. Cound't find kerberos ticket."

  4. I have checked the ticket with "klist" command and ticket is there and still valid (remember I can successfully establish Kerberos connection with psql tool). Also desktop's keytab file is present in Ubuntu.

  5. On Ubuntu I have checked /var/log/pgadmin/ where is an empty file. Also checked the /var/log/apache2/ folder where the only message (during connection establishing) is in access.log:

192.168.100.31 - - [02/Jun/2023:13:41:49 +0200] "GET /pgadmin4/browser/ HTTP/1.1" 302 930 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/113.0"

192.168.100.31 - - [02/Jun/2023:13:42:04 +0200] "GET /pgadmin4/login?next=%2Fpgadmin4%2Fbrowser%2F HTTP/1.1" 401 5435 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/113.0"

  1. I can't see any errors in log files. I have searched the web, but can't find anything useful.

Any idea what I can look into?

83
1 + 0
Score:0
folow avatar Server
ru flag
folow

I have solved the problem. In my case it was browser problem.

In Ubuntu 22.04 browser Firefox is by default installed as snap package. Snap packages are sandboxed and are not allowed to access Linux KEYRING where Kerberos tickers are saved.

I tried to install Firefox flatpak which is also sandboxed and access to pgAdmin4 fails with exact the same error "Cound't find kerberos ticket."

SOLUTION:

  1. I have downloaded non-snap version from Mozilla Firefox https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64&lang=en-US
  2. Change dir to downloads directory: '`cd Downloads'
  3. Untar the file: tar xvf firefox*
  4. Change dir to extracted folder: cd firefox
  5. Run the browser: ./firefox &
  6. Typed in my pgAdmin4 server in URL: http://desktop.example.com/pgadmin4/browser/ and pgAdmin4 logins and at the top right is displayed: [email protected] (kerberos), so I have successfully logged into PostgreSQL Server using Kerberos. Problem solved.

Recap:

  • Firefox/snap: ERROR: Cound't find kerberos ticket.
  • Firefox/flatpak: ERROR: Cound't find kerberos ticket.
  • Mozilla/Firefox tar file: Works fine
+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.