Re: Kerberos support broken on MSVC builds for Windows x64?

Hi

On Wed, Sep 2, 2020 at 9:05 AM Dave Page <dpage(at)pgadmin(dot)org> wrote:

>
>> Yes, that'd be in the GSSENC code, which I hadn't been expecting to be
>> used under Windows.
>
>
Here's a patch to make it build successfully (against head). I believe the
changes to Solution.pm should be back patched all the way, and the rest to
12.

Testing however, has been more problematic - I suspect at least partly
because of my Kerberos newbie-ness. I have a test server in an Ubuntu VM,
which I've used quite successfully to authenticate against another VM
running PG 12 on Ubuntu, from both Ubuntu and Windows clients. Using that,
but with a Windows client running MIT Kerberos I find that getting a ticket
takes a good 30 seconds or so. Postgres also seems to get it's ticket
successfully via the keytab file:

C:\pg>"c:\Program Files\MIT\Kerberos\bin\klist.exe"
Ticket cache: API:Initial default ccache
Default principal: dpage(at)PGADMIN(dot)ORG

Valid starting Expires Service principal
09/02/20 15:06:49 09/03/20 01:06:49 krbtgt/PGADMIN(dot)ORG(at)PGADMIN(dot)ORG
renew until 09/03/20 15:06:31
09/02/20 15:07:06 09/03/20 01:06:49 postgres/win-ilt1arj8a9c@
renew until 09/03/20 15:06:31
09/02/20 15:07:06 09/03/20 01:06:49 postgres/win-ilt1arj8a9c(at)PGADMIN(dot)ORG
renew until 09/03/20 15:06:31

However, If I try to login using host + gss in the pg_hba.conf file, I then
get:

C:\pg>bin\psql postgres
psql: error: could not connect to server: SSPI continuation error: No
credentials are available in the security package
(8009030e)

If I try to use hostgssenc + gss, it looks like it's not even trying to
encrypt:

C:\pg>bin\psql postgres
psql: error: could not connect to server: FATAL: no pg_hba.conf entry for
host "::1", user "dpage", database "postgres", SSL off

Any ideas?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: http://www.enterprisedb.com