1. We have set up a mysql database to allow kerberos authentication using pam_krb5 auth module.
2. User has been created in the mysql database.
3.We are unable to login after initializing the principal on the server and client.
Error:
Cannot login ‘Access denied for user ‘xxxx’@‘xxxxxx’ (using password: YES)’
Hi Chanakya,
Were you able to setup Percona PAM plugin? Kerberos is not directly supported but can be used through PAM:
mysql> INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';
mysql> INSTALL PLUGIN auth_pam_compat SONAME 'auth_pam_compat.so';
Were you able to create /etc/pam.d/mysqld? It should have the following contents:
# cat /etc/pam.d/mysqld
auth required pam_krb5.so
account required pam_krb5.so
It should also be readable by MySQL.
chmod 644 /etc/pam.d/mysqld
Did you create MySQL users that authenticate to auth_pam/auth_pam_compat?
CREATE USER kerberos_user@'%' IDENTIFIED WITH auth_pam;
Are you able to log in as this user in Kerberos?
kinit kerberos_user
klist
kdestroy -A
If you’re not able to log in, you may need to check /etc/krb5.conf if the client settings are correct.
If you are able to log in from Kerberos, then you should be able to do this also:
mysql -ukerberos_user -pKerberosPassword
Unfortunately, you need to specify the password everytime you log in because Percona Server doesn’t support Kerberos directly.
If you are not able to log in, please share your setup in detail.
Thank you.
Unanswered | Unsolved | Solved
MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright © 2006 - 2024 Percona LLC. All rights reserved.