Skip site navigation (1) Skip section navigation (2)

Re: GSSAPI Authentication Problem

From: John Slattery <johntslattery(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: pgsql-odbc(at)postgresql(dot)org
Subject: Re: GSSAPI Authentication Problem
Date: 2012-08-03 16:44:45
Message-ID: (view raw or whole thread)
Lists: pgsql-odbc
On Fri, Aug 3, 2012 at 8:51 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> John,
>   The ODBC driver can be configured through the ODBC manager and you can
>   provide the username that you want to log in as there.  The ODBC
>   driver (and the libpq underneath) should still be able to use your
>   AD/GSSAPI credentials to authenticate.
>         Thanks,
>                 Stephen
> * John Slattery (johntslattery(at)gmail(dot)com) wrote:
>>  Hi,
>> I would like to report what seems like a problem with the driver. It
>> doesn't seem possible to override the default user name for
>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my
>> Active Directory user name isn't the same as my Postgresql user name.
>> pgAdmin III and psql allow for this, the former by setting Username in
>> the GUI to my Postgresql user name and the latter by specifying the -U
>> option. I tried setting UID in the connection string I am using to my
>> Postgresql user name but that caused the driver to return the
>> following exception:
>> Run-time error '-2147217843 (800040e4d)':
>> Service negotiation failed;
>> The specified target is unknown or unreachable in
>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh
>> The connection string that produces this exception is:
>> DRIVER={PostgreSQL
>> ;PORT=5432;UID=john;PWD=;SSLmode=disable;ReadOnly=0;Protocol=7.4-1;FakeOidIndex=0;ShowOidColumn=0;RowVersioning=0;ShowSystemTables=0;ConnSettings=;Fetch=100;Socket=4096;UnknownSizes=0;MaxVarcharSize=255;MaxLongVarcharSize=8190;Debug=0;CommLog=0;Optimizer=0;Ksqo=1;UseDeclareFetch=0;TextAsLongVarchar=1;UnknownsAsLongVarchar=0;BoolsAsChar=0;Parse=0;CancelAsFreeStmt=0;ExtraSysTablePrefixes=dd_;;LFConversion=1;UpdatableCursors=1;DisallowPremature=0;TrueIsMinus1=0;BI=0;ByteaAsLongVarBinary=0;UseServerSidePrepare=0;LowerCaseIdentifier=0;GssAuthUseGSS=0;XaOpt=1
>> I'm using it in a Visual Basic 6 project.
>> The version of the driver is The database version is 8.4 from
>> Debian 6. Please find mylog_408.log attached.
>> Thank you for taking a look at this.
>> John
>> --
>> Sent via pgsql-odbc mailing list (pgsql-odbc(at)postgresql(dot)org)
>> To make changes to your subscription:


At your suggestion, I opened the ODBC data source administrator in
Windows XP and attempted to create a user DSN using all of the default
values and providing 'Database', 'Server', and 'User Name'. In this
case 'User Name' was the Active Directory user name. When I pressed
the 'Test' button, I received the same exception I noted in my initial
post. I repeated the test with logging turned on. Nothing seems to
have been recorded about the failed test. The log file is attached.

If I log into the same machine as a user without a mapping in
pg_ident.conf and leave 'User Name' empty, the test is successful. If
I include the user name, which in this case is the same for Active
Directory and Postgresql, I see the same exception.

Could it be that when the only means of authentication enabled in
pg_hba.conf is gss that having anything in 'User Name' is a problem?


Attachment: mylog_2392.log
Description: application/octet-stream (1.3 KB)

In response to


pgsql-odbc by date

Next:From: Stephen FrostDate: 2012-08-03 16:54:28
Subject: Re: GSSAPI Authentication Problem
Previous:From: Stephen FrostDate: 2012-08-03 13:51:46
Subject: Re: GSSAPI Authentication Problem

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group