Re: GSSAPI Authentication Problem - Mailing list pgsql-odbc
From | John Slattery |
---|---|
Subject | Re: GSSAPI Authentication Problem |
Date | |
Msg-id | CA+hybRWGrfdfiNg6RtFy7rPC70XmAO5=uwUFOvgyr4evjW5b1A@mail.gmail.com Whole thread Raw |
In response to | Re: GSSAPI Authentication Problem (Hiroshi Inoue <inoue@tpf.co.jp>) |
List | pgsql-odbc |
On Wed, Aug 8, 2012 at 8:22 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: > (2012/08/08 5:03), John Slattery wrote: >> >> On Tue, Aug 7, 2012 at 1:42 PM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >>> >>> (2012/08/07 23:13), John Slattery wrote: >>>> >>>> >>>> On Tue, Aug 7, 2012 at 5:51 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >>>>> >>>>> >>>>> (2012/08/07 1:02), John Slattery wrote: >>>>>> >>>>>> >>>>>> On Sat, Aug 4, 2012 at 3:50 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> Hi John, >>>>>>> >>>>>>> (2012/08/03 21:31), John Slattery wrote: >>>>>>>> >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> I would like to report what seems like a problem with the driver. It >>>>>>>> doesn't seem possible to override the default user name for >>>>>>>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my >>>>>>>> Active Directory user name isn't the same as my Postgresql user >>>>>>>> name. >>>>>>>> pgAdmin III and psql allow for this, the former by setting Username >>>>>>>> in >>>>>>>> the GUI to my Postgresql user name and the latter by specifying the >>>>>>>> -U >>>>>>>> option. I tried setting UID in the connection string I am using to >>>>>>>> my >>>>>>>> Postgresql user name but that caused the driver to return the >>>>>>>> following exception: >>>>>>>> >>>>>>>> Run-time error '-2147217843 <tel:2147217843> (800040e4d)': >>>>>>>> >>>>>>>> Service negotiation failed; >>>>>>>> The specified target is unknown or unreachable in >>>>>>>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh >>>>>>> >>>>>>> >>>>>>> >>>>>>> How do you login to your Kerberos system? >>>>>>> >>>>>>> regards, >>>>>>> Hiroshi Inoue >>>>>>> >>>>>> Hiroshi, >>>>>> >>>>>> I'm not sure I understand your question, but I'll take a shot at >>>>>> answering it. The client is Windows XP, so I would say I'm using the >>>>>> standard/default Windows GINA for Winlogon. >>>>> >>>>> >>>>> >>>>> OK I'd like to confirm SSPI is used. >>>>> Could you try to set SSLMODE to 'allow' with the user name John? >>>>> >>>>> regards, >>>>> Hiroshi Inoue >>>>> >>>> >>>> Hiroshi, >>>> >>>> I set 'User Name' = 'john' and changed 'SSL Mode' from 'disable' to >>>> 'allow'. >>>> >>>> It worked. >>>> >>>> And I'm baffled. Is there a reason it shouldn't work with 'SSL Mode' = >>>> 'disable'? Would you explain? >>> >>> >>> >>> Though psqlodbc supports SSPI authentication by itself, it doesn't >>> look at PGKRBSRVNAME environment variable as you pointed out. >>> Could you please try the drivers on testing for 9.1.0101 at >>> http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/ >>> ? >>> >>> Though psqlodbc communicates with servers by itself, it uses libpq >>> connections in some cases. >>> Setting sslmode to other than 'disable' forces psqlodbc to use libpq >>> connections. >>> Setting user name to '' also forces psqlodbc to use libpq connections. >>> >>> regards, >>> Hiroshi Inoue >> >> >> A connection test with the 9.1.0101 testing 32bit drivers is >> successful when 'User Name' = 'john' and 'SSL Mode' = 'allow'. When >> 'User Name' = 'john' and 'SSL Mode' = 'disable', the connection test >> responds with: Warning: GSS authentication not supported. >> >> Is there anything else I should try? > > > OK I updated the drivers. > PLease retry the drivers on testing for 9.1.0101 at > http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/ > . > > regards, > Hiroshi Inoue Connection tests with the ANSI and Unicode 8/8/2012 9.1.0101 testing 32bit drivers were successful on both 'User Name' = 'john' and 'SSL Mode' = 'allow' and 'User Name' = 'john' and 'SSL Mode' = 'disable' I also ran the same cases in my test application successfully. I think you have it! Thanks. John
pgsql-odbc by date: