The following bug has been logged on the website:
Bug reference: 9337
Logged by: Brian Crowell
Email address: brian@fluggo.com
PostgreSQL version: 9.3.3
Operating system: Linux
Description:
Hello. I posted this to the general discussion group, but I think it's
worthwhile to call it a bug, too.
I'm working with the Npgsql group on getting integrated security to "just
work" in the same way SQL Server's does. I wrote a workaround for one issue,
only to find out that I need more workarounds, and I finally realized that
this a problem with the way Postgres handles GSSAPI/SSPI logins. You can
read my full description here:
https://github.com/npgsql/Npgsql/issues/162#issuecomment-35916650
The short version is that Postgres requires two user names when using
GSSAPI/SSPI: one from the startup packet, and one from the Kerberos ticket,
and if these don't match exactly, the login fails. It's generally impossible
to determine the correct user name to send in the startup packet.
I think Postgres should either not require or ignore the user name in the
startup packet for these two login types.