Re: GSSAPI Authentication Problem - Mailing list pgsql-odbc
| From | Hiroshi Inoue |
|---|---|
| Subject | Re: GSSAPI Authentication Problem |
| Date | |
| Msg-id | 5022680A.7040901@tpf.co.jp Whole thread Raw |
| In response to | Re: GSSAPI Authentication Problem (John Slattery <johntslattery@gmail.com>) |
| Responses |
Re: GSSAPI Authentication Problem
|
| List | pgsql-odbc |
(2012/08/08 5:03), John Slattery wrote: > On Tue, Aug 7, 2012 at 1:42 PM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >> (2012/08/07 23:13), John Slattery wrote: >>> >>> On Tue, Aug 7, 2012 at 5:51 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >>>> >>>> (2012/08/07 1:02), John Slattery wrote: >>>>> >>>>> On Sat, Aug 4, 2012 at 3:50 AM, Hiroshi Inoue <inoue@tpf.co.jp> wrote: >>>>>> >>>>>> >>>>>> Hi John, >>>>>> >>>>>> (2012/08/03 21:31), John Slattery wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I would like to report what seems like a problem with the driver. It >>>>>>> doesn't seem possible to override the default user name for >>>>>>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my >>>>>>> Active Directory user name isn't the same as my Postgresql user name. >>>>>>> pgAdmin III and psql allow for this, the former by setting Username in >>>>>>> the GUI to my Postgresql user name and the latter by specifying the -U >>>>>>> option. I tried setting UID in the connection string I am using to my >>>>>>> Postgresql user name but that caused the driver to return the >>>>>>> following exception: >>>>>>> >>>>>>> Run-time error '-2147217843 <tel:2147217843> (800040e4d)': >>>>>>> >>>>>>> Service negotiation failed; >>>>>>> The specified target is unknown or unreachable in >>>>>>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh >>>>>> >>>>>> >>>>>> How do you login to your Kerberos system? >>>>>> >>>>>> regards, >>>>>> Hiroshi Inoue >>>>>> >>>>> Hiroshi, >>>>> >>>>> I'm not sure I understand your question, but I'll take a shot at >>>>> answering it. The client is Windows XP, so I would say I'm using the >>>>> standard/default Windows GINA for Winlogon. >>>> >>>> >>>> OK I'd like to confirm SSPI is used. >>>> Could you try to set SSLMODE to 'allow' with the user name John? >>>> >>>> regards, >>>> Hiroshi Inoue >>>> >>> >>> Hiroshi, >>> >>> I set 'User Name' = 'john' and changed 'SSL Mode' from 'disable' to >>> 'allow'. >>> >>> It worked. >>> >>> And I'm baffled. Is there a reason it shouldn't work with 'SSL Mode' = >>> 'disable'? Would you explain? >> >> >> Though psqlodbc supports SSPI authentication by itself, it doesn't >> look at PGKRBSRVNAME environment variable as you pointed out. >> Could you please try the drivers on testing for 9.1.0101 at >> http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/ >> ? >> >> Though psqlodbc communicates with servers by itself, it uses libpq >> connections in some cases. >> Setting sslmode to other than 'disable' forces psqlodbc to use libpq >> connections. >> Setting user name to '' also forces psqlodbc to use libpq connections. >> >> regards, >> Hiroshi Inoue > > A connection test with the 9.1.0101 testing 32bit drivers is > successful when 'User Name' = 'john' and 'SSL Mode' = 'allow'. When > 'User Name' = 'john' and 'SSL Mode' = 'disable', the connection test > responds with: Warning: GSS authentication not supported. > > Is there anything else I should try? OK I updated the drivers. PLease retry the drivers on testing for 9.1.0101 at http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/ . regards, Hiroshi Inoue
pgsql-odbc by date: