Re: GSSAPI Authentication Problem - Mailing list pgsql-odbc
| From | John Slattery |
|---|---|
| Subject | Re: GSSAPI Authentication Problem |
| Date | |
| Msg-id | CA+hybRUC=v51Dnitim+GRtDLP8cGJxkbBRpgJ3-8RLXXngpbWw@mail.gmail.com Whole thread Raw |
| In response to | Re: GSSAPI Authentication Problem (Hiroshi Inoue <inoue@tpf.co.jp>) |
| Responses |
Re: GSSAPI Authentication Problem
(Hiroshi Inoue <inoue@tpf.co.jp>)
|
| List | pgsql-odbc |
On Tue, Aug 7, 2012 at 1:42 PM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: > (2012/08/07 23:13), John Slattery wrote: >> >> On Tue, Aug 7, 2012 at 5:51 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >>> >>> (2012/08/07 1:02), John Slattery wrote: >>>> >>>> >>>> On Sat, Aug 4, 2012 at 3:50 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >>>>> >>>>> >>>>> Hi John, >>>>> >>>>> >>>>> (2012/08/03 21:31), John Slattery wrote: >>>>>> >>>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> I would like to report what seems like a problem with the driver. It >>>>>> doesn't seem possible to override the default user name for >>>>>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my >>>>>> Active Directory user name isn't the same as my Postgresql user name. >>>>>> pgAdmin III and psql allow for this, the former by setting Username in >>>>>> the GUI to my Postgresql user name and the latter by specifying the -U >>>>>> option. I tried setting UID in the connection string I am using to my >>>>>> Postgresql user name but that caused the driver to return the >>>>>> following exception: >>>>>> >>>>>> Run-time error '-2147217843 <tel:2147217843> (800040e4d)': >>>>>> >>>>>> Service negotiation failed; >>>>>> The specified target is unknown or unreachable in >>>>>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh >>>>> >>>>> >>>>> >>>>> >>>>> How do you login to your Kerberos system? >>>>> >>>>> regards, >>>>> Hiroshi Inoue >>>>> >>>> >>>> Hiroshi, >>>> >>>> I'm not sure I understand your question, but I'll take a shot at >>>> answering it. The client is Windows XP, so I would say I'm using the >>>> standard/default Windows GINA for Winlogon. >>> >>> >>> >>> OK I'd like to confirm SSPI is used. >>> Could you try to set SSLMODE to 'allow' with the user name John? >>> >>> regards, >>> Hiroshi Inoue >>> >> >> Hiroshi, >> >> I set 'User Name' = 'john' and changed 'SSL Mode' from 'disable' to >> 'allow'. >> >> It worked. >> >> And I'm baffled. Is there a reason it shouldn't work with 'SSL Mode' = >> 'disable'? Would you explain? > > > Though psqlodbc supports SSPI authentication by itself, it doesn't > look at PGKRBSRVNAME environment variable as you pointed out. > Could you please try the drivers on testing for 9.1.0101 at > http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/ > ? > > Though psqlodbc communicates with servers by itself, it uses libpq > connections in some cases. > Setting sslmode to other than 'disable' forces psqlodbc to use libpq > connections. > Setting user name to '' also forces psqlodbc to use libpq connections. > > regards, > Hiroshi Inoue A connection test with the 9.1.0101 testing 32bit drivers is successful when 'User Name' = 'john' and 'SSL Mode' = 'allow'. When 'User Name' = 'john' and 'SSL Mode' = 'disable', the connection test responds with: Warning: GSS authentication not supported. Is there anything else I should try?
pgsql-odbc by date: