Skip site navigation (1) Skip section navigation (2)

Re: GSSAPI Authentication Problem

From: Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp>
To: John Slattery <johntslattery(at)gmail(dot)com>
Cc: pgsql-odbc(at)postgresql(dot)org
Subject: Re: GSSAPI Authentication Problem
Date: 2012-08-07 18:42:07
Message-ID: 5021617F.4080003@tpf.co.jp (view raw or flat)
Thread:
Lists: pgsql-odbc
(2012/08/07 23:13), John Slattery wrote:
> On Tue, Aug 7, 2012 at 5:51 AM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
>> (2012/08/07 1:02), John Slattery wrote:
>>>
>>> On Sat, Aug 4, 2012 at 3:50 AM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
>>>>
>>>> Hi John,
>>>>
>>>>
>>>> (2012/08/03 21:31), John Slattery wrote:
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> I would like to report what seems like a problem with the driver. It
>>>>> doesn't seem possible to override the default user name for
>>>>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my
>>>>> Active Directory user name isn't the same as my Postgresql user name.
>>>>> pgAdmin III and psql allow for this, the former by setting Username in
>>>>> the GUI to my Postgresql user name and the latter by specifying the -U
>>>>> option. I tried setting UID in the connection string I am using to my
>>>>> Postgresql user name but that caused the driver to return the
>>>>> following exception:
>>>>>
>>>>> Run-time error '-2147217843 <tel:2147217843> (800040e4d)':
>>>>>
>>>>> Service negotiation failed;
>>>>> The specified target is unknown or unreachable in
>>>>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh
>>>>
>>>>
>>>>
>>>> How do you login to your Kerberos system?
>>>>
>>>> regards,
>>>> Hiroshi Inoue
>>>>
>>>
>>> Hiroshi,
>>>
>>> I'm not sure I understand your question, but I'll take a shot at
>>> answering it. The client is Windows XP, so I would say I'm using the
>>> standard/default Windows GINA for Winlogon.
>>
>>
>> OK I'd like to confirm SSPI is used.
>> Could you try to set SSLMODE to 'allow' with the user name John?
>>
>> regards,
>> Hiroshi Inoue
>>
>
> Hiroshi,
>
> I set 'User Name' = 'john' and changed 'SSL Mode' from 'disable' to 'allow'.
>
> It worked.
>
> And I'm baffled. Is there a reason it shouldn't work with 'SSL Mode' =
> 'disable'? Would you explain?

Though psqlodbc supports SSPI authentication by itself, it doesn't
look at PGKRBSRVNAME environment variable as you pointed out.
Could you please try the drivers on testing for 9.1.0101 at
   http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/
?

Though psqlodbc communicates with servers by itself, it uses libpq 
connections in some cases.
Setting sslmode to other than 'disable' forces psqlodbc to use libpq
connections.
Setting user name to '' also forces psqlodbc to use libpq connections.

regards,
Hiroshi Inoue

In response to

Responses

pgsql-odbc by date

Next:From: John SlatteryDate: 2012-08-07 20:03:05
Subject: Re: GSSAPI Authentication Problem
Previous:From: John SlatteryDate: 2012-08-07 14:13:24
Subject: Re: GSSAPI Authentication Problem

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group