By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

PostgreSQL Windows ODBC Datasource Administrator Authentication using Kerberos

2

Hello All,

My team has recently been shifted to using (MIT) Kerberos for authentication to our PostgreSQL database. We are able to successfully authenticate in dBeaver Lite, however we are not able to authenticate in ODBC   We have tried to establish a connection using 32 bit and 64 bit ODBC Data Sources. We have tried using the following psqlodbc driver versions (16.00.0000, 13.01.0000, 09.06.0500).

Across all attempts we have used the following configurations;

POSTGRES/<username>@<REALM> * SSL mode = require *

  • we have also tried with postgres/<username>@<REALM> and postgres/<username>@<realm> and <username> and POSTGRES/<username> and postgres/<username> ** we have tried the above also with all of the following SSL modes; (disable, allow, prefer, verify-ca, verify-full)

We have also added the Datasource Connection Settings (with all permutations of casing):

[PostgreSQL] AuthenticationMethod=4 servicePrincipalName=<username>@<realm>/@REALM

The connection using SSL mode = require which we believe is the correct configuration returns the following error;

"connection to server at <server path> port 5432 failed: FATAL: password authentication failed for user POSTGRES/<username>@<REALM>" <- this message is repeated twice.

removing POSTGRES/ returns the same error, but only a single instance of the error. Removing the Datasource Connection Settings and passing <username>@<REALM> returns the following error:

"connection to server at <server path> port 5432 failed: SSPI continuation error: The specified target is unknown or unreachable"

Topics
DatabaseCompute
Tags
PostgreSQLWindows
Language
English
mkainthig
asked a month ago444 views
1 Answer
0

Hello customer ,

As per the given description of your query , you are trying to access RDS PostgreSQL via kerberos authentication for dBeaver lite which was successfully done. But you are having authentication issues while doing the same in ODBC .

As Amazon RDS supports[1] external authentication of database users using Kerberos and Microsoft Active Directory. Kerberos is a network authentication protocol that uses tickets and symmetric-key cryptography to eliminate the need to transmit passwords over the network. Kerberos has been built into Active Directory and is designed to authenticate users to network resources, such as databases.

Both methods should be able to be used as long as the setup for Kerberos authentication for PostgreSQL DB *instances[2] was completed beforehand.

As far as my understanding , it would be great if you can reach out to us via AWS support case so that we can have the better understanding of the issue you are facing now.

I have attached some of the AWS docs for your reference regarding the connecting to RDS PostgreSQL with Kerberos authentication.

[1] : https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/database-authentication.html#kerberos-authentication

[2] : https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.html

AWS
Aryushi_J
answered a month ago

Relevant content