Re: GSSAPI Authentication Problem

(2012/08/08 5:03), John Slattery wrote:
> On Tue, Aug 7, 2012 at 1:42 PM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
>> (2012/08/07 23:13), John Slattery wrote:
>>>
>>> On Tue, Aug 7, 2012 at 5:51 AM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
>>>>
>>>> (2012/08/07 1:02), John Slattery wrote:
>>>>>
>>>>> On Sat, Aug 4, 2012 at 3:50 AM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
>>>>>>
>>>>>>
>>>>>> Hi John,
>>>>>>
>>>>>> (2012/08/03 21:31), John Slattery wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I would like to report what seems like a problem with the driver. It
>>>>>>> doesn't seem possible to override the default user name for
>>>>>>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my
>>>>>>> Active Directory user name isn't the same as my Postgresql user name.
>>>>>>> pgAdmin III and psql allow for this, the former by setting Username in
>>>>>>> the GUI to my Postgresql user name and the latter by specifying the -U
>>>>>>> option. I tried setting UID in the connection string I am using to my
>>>>>>> Postgresql user name but that caused the driver to return the
>>>>>>> following exception:
>>>>>>>
>>>>>>> Run-time error '-2147217843 <tel:2147217843> (800040e4d)':
>>>>>>>
>>>>>>> Service negotiation failed;
>>>>>>> The specified target is unknown or unreachable in
>>>>>>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh
>>>>>>
>>>>>>
>>>>>> How do you login to your Kerberos system?
>>>>>>
>>>>>> regards,
>>>>>> Hiroshi Inoue
>>>>>>
>>>>> Hiroshi,
>>>>>
>>>>> I'm not sure I understand your question, but I'll take a shot at
>>>>> answering it. The client is Windows XP, so I would say I'm using the
>>>>> standard/default Windows GINA for Winlogon.
>>>>
>>>>
>>>> OK I'd like to confirm SSPI is used.
>>>> Could you try to set SSLMODE to 'allow' with the user name John?
>>>>
>>>> regards,
>>>> Hiroshi Inoue
>>>>
>>>
>>> Hiroshi,
>>>
>>> I set 'User Name' = 'john' and changed 'SSL Mode' from 'disable' to
>>> 'allow'.
>>>
>>> It worked.
>>>
>>> And I'm baffled. Is there a reason it shouldn't work with 'SSL Mode' =
>>> 'disable'? Would you explain?
>>
>>
>> Though psqlodbc supports SSPI authentication by itself, it doesn't
>> look at PGKRBSRVNAME environment variable as you pointed out.
>> Could you please try the drivers on testing for 9.1.0101 at
>> http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/
>> ?
>>
>> Though psqlodbc communicates with servers by itself, it uses libpq
>> connections in some cases.
>> Setting sslmode to other than 'disable' forces psqlodbc to use libpq
>> connections.
>> Setting user name to '' also forces psqlodbc to use libpq connections.
>>
>> regards,
>> Hiroshi Inoue
>
> A connection test with the 9.1.0101 testing 32bit drivers is
> successful when 'User Name' = 'john' and 'SSL Mode' = 'allow'. When
> 'User Name' = 'john' and 'SSL Mode' = 'disable', the connection test
> responds with: Warning: GSS authentication not supported.
>
> Is there anything else I should try?

OK I updated the drivers.
PLease retry the drivers on testing for 9.1.0101 at
http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/
.

regards,
Hiroshi Inoue