Thread: Connecting to postgresql using SSPI via JDBC
Hi everyone,
I've got a postgresql configured with sspi authentication.
The authentication works usng psql, however, when attempting to connect via the jdbc driver I get this exception:
"org.postgresql.util.PSQLException: The authentication type 9 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver."
Does the jdbc driver simply not support sspi?
Does it support ldap?
Thanks,
Idan
On Wed, 16 Jun 2010, Idan Miller wrote: > I've got a postgresql configured with sspi authentication. > The authentication works usng psql, however, when attempting to connect via > the jdbc driver I get this exception: > > "org.postgresql.util.PSQLException: The authentication type 9 is not > supported. Check that you have configured the pg_hba.conf file to include > the client's IP address or subnet, and that it is using an authentication > scheme supported by the driver." > > Does the jdbc driver simply not support sspi? The JDBC driver supports gssapi, but not sspi. It's possible that the existing gssapi support could be used to implement sspi, but no one has tried that. > Does it support ldap? > Yes, no specific client support is needed for LDAP authentication, that is all done server side. Using LDAP transmits the password from the driver to the server in plaintext form, so you should use a SSL connection if you're worried about security. Kris Jurka
Thanks!
As far as I know, I an configure gssapi on windows as well, right?
So techincaly, if I manage to do so, I will get the same "sspi like" authentication, right?
Idan.
On Wed, Jun 16, 2010 at 9:32 PM, Kris Jurka <books@ejurka.com> wrote:
The JDBC driver supports gssapi, but not sspi. It's possible that the existing gssapi support could be used to implement sspi, but no one has tried that.
On Wed, 16 Jun 2010, Idan Miller wrote:I've got a postgresql configured with sspi authentication.
The authentication works usng psql, however, when attempting to connect via
the jdbc driver I get this exception:
"org.postgresql.util.PSQLException: The authentication type 9 is not
supported. Check that you have configured the pg_hba.conf file to include
the client's IP address or subnet, and that it is using an authentication
scheme supported by the driver."
Does the jdbc driver simply not support sspi?Does it support ldap?
Yes, no specific client support is needed for LDAP authentication, that is all done server side. Using LDAP transmits the password from the driver to the server in plaintext form, so you should use a SSL connection if you're worried about security.
Kris Jurka
On Thu, 17 Jun 2010, Idan Miller wrote: > As far as I know, I an configure gssapi on windows as well, right? > So techincaly, if I manage to do so, I will get the same "sspi like" > authentication, right? Yes. Kris Jurka
Is someone willing to implement that?
It's a really important feature for us since the JDBC-ODBC bridge doesn't work well with bytea columns (it truncates them even though we declared maxlongvarchar and maxvarchar to be very big).
Thanks,
Idan.
On Thu, Jun 17, 2010 at 9:55 PM, Kris Jurka <books@ejurka.com> wrote:
Yes.
On Thu, 17 Jun 2010, Idan Miller wrote:As far as I know, I an configure gssapi on windows as well, right?
So techincaly, if I manage to do so, I will get the same "sspi like"
authentication, right?
Kris Jurka
Implement what? The JDBC driver does support GSSAPI authentication although it is a bit cumbersome to setup (and the only documentation is in the list archives). Kris Jurka On 6/27/2010 12:52 AM, Idan Miller wrote: > Is someone willing to implement that? > It's a really important feature for us since the JDBC-ODBC bridge > doesn't work well with bytea columns (it truncates them even though we > declared maxlongvarchar and maxvarchar to be very big). > > Thanks, > Idan. > > On Thu, Jun 17, 2010 at 9:55 PM, Kris Jurka <books@ejurka.com > <mailto:books@ejurka.com>> wrote: > > > > On Thu, 17 Jun 2010, Idan Miller wrote: > > As far as I know, I an configure gssapi on windows as well, right? > So techincaly, if I manage to do so, I will get the same "sspi like" > authentication, right? > > > Yes. > > Kris Jurka > >
SSPI is supported only on windows clients. If you try authenticating from a Linux client against a SSPI requiring server you will get an error similar to the JDBC driver exception indicating that it is not supported. Supporting SSPI only on windows for Java would require linking with native code which we don't want to do. Unless you need NTLM support, I don't see why you wouldn't use GSSAPI which is supported on all platforms including the JDBC driver. Kris Jurka On 6/28/2010 4:45 PM, Idan Miller wrote: > postgres supports native sspi support (and not gssapi) in the server > side, but that support is missing from the client. > So I would expect an implementation on the client side (right now a not > supported authentication type exception is thrown when attempting to > connect with sspi).. > > Idan > > On Mon, Jun 28, 2010 at 10:06 PM, Kris Jurka <books@ejurka.com > <mailto:books@ejurka.com>> wrote: > > Implement what? The JDBC driver does support GSSAPI authentication > although it is a bit cumbersome to setup (and the only documentation > is in the list archives). > > Kris Jurka > > > On 6/27/2010 12:52 AM, Idan Miller wrote: > > Is someone willing to implement that? > It's a really important feature for us since the JDBC-ODBC bridge > doesn't work well with bytea columns (it truncates them even > though we > declared maxlongvarchar and maxvarchar to be very big). > > Thanks, > Idan. > > On Thu, Jun 17, 2010 at 9:55 PM, Kris Jurka <books@ejurka.com > <mailto:books@ejurka.com> > <mailto:books@ejurka.com <mailto:books@ejurka.com>>> wrote: > > > > On Thu, 17 Jun 2010, Idan Miller wrote: > > As far as I know, I an configure gssapi on windows as > well, right? > So techincaly, if I manage to do so, I will get the same > "sspi like" > authentication, right? > > > Yes. > > Kris Jurka > > > >