Postgres Pro
Downloads
Home   >   mailing lists

Re: GSSAPI Authentication Problem - Mailing list pgsql-odbc

From Hiroshi Inoue
Subject Re: GSSAPI Authentication Problem
Date
Msg-id 5021617F.4080003@tpf.co.jp
Whole thread Raw
In response to Re: GSSAPI Authentication Problem  (John Slattery <johntslattery@gmail.com>)
Responses Re: GSSAPI Authentication Problem  (John Slattery <johntslattery@gmail.com>)
List pgsql-odbc
Tree view 
(2012/08/07 23:13), John Slattery wrote:
> On Tue, Aug 7, 2012 at 5:51 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote:
>> (2012/08/07 1:02), John Slattery wrote:
>>>
>>> On Sat, Aug 4, 2012 at 3:50 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote:
>>>>
>>>> Hi John,
>>>>
>>>>
>>>> (2012/08/03 21:31), John Slattery wrote:
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> I would like to report what seems like a problem with the driver. It
>>>>> doesn't seem possible to override the default user name for
>>>>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my
>>>>> Active Directory user name isn't the same as my Postgresql user name.
>>>>> pgAdmin III and psql allow for this, the former by setting Username in
>>>>> the GUI to my Postgresql user name and the latter by specifying the -U
>>>>> option. I tried setting UID in the connection string I am using to my
>>>>> Postgresql user name but that caused the driver to return the
>>>>> following exception:
>>>>>
>>>>> Run-time error '-2147217843 <tel:2147217843> (800040e4d)':
>>>>>
>>>>> Service negotiation failed;
>>>>> The specified target is unknown or unreachable in
>>>>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh
>>>>
>>>>
>>>>
>>>> How do you login to your Kerberos system?
>>>>
>>>> regards,
>>>> Hiroshi Inoue
>>>>
>>>
>>> Hiroshi,
>>>
>>> I'm not sure I understand your question, but I'll take a shot at
>>> answering it. The client is Windows XP, so I would say I'm using the
>>> standard/default Windows GINA for Winlogon.
>>
>>
>> OK I'd like to confirm SSPI is used.
>> Could you try to set SSLMODE to 'allow' with the user name John?
>>
>> regards,
>> Hiroshi Inoue
>>
>
> Hiroshi,
>
> I set 'User Name' = 'john' and changed 'SSL Mode' from 'disable' to 'allow'.
>
> It worked.
>
> And I'm baffled. Is there a reason it shouldn't work with 'SSL Mode' =
> 'disable'? Would you explain?

Though psqlodbc supports SSPI authentication by itself, it doesn't
look at PGKRBSRVNAME environment variable as you pointed out.
Could you please try the drivers on testing for 9.1.0101 at
   http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/
?

Though psqlodbc communicates with servers by itself, it uses libpq
connections in some cases.
Setting sslmode to other than 'disable' forces psqlodbc to use libpq
connections.
Setting user name to '' also forces psqlodbc to use libpq connections.

regards,
Hiroshi Inoue

pgsql-odbc by date:

Previous
From: John Slattery
Date:
Subject: Re: GSSAPI Authentication Problem
Next
From: John Slattery
Date:
Subject: Re: GSSAPI Authentication Problem