| From: | John Slattery <johntslattery(at)gmail(dot)com> |
|---|---|
| To: | Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> |
| Cc: | pgsql-odbc(at)postgresql(dot)org |
| Subject: | Re: GSSAPI Authentication Problem |
| Date: | 2012-08-07 20:03:05 |
| Message-ID: | CA+hybRUC=v51Dnitim+GRtDLP8cGJxkbBRpgJ3-8RLXXngpbWw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-odbc |
On Tue, Aug 7, 2012 at 1:42 PM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
> (2012/08/07 23:13), John Slattery wrote:
>>
>> On Tue, Aug 7, 2012 at 5:51 AM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
>>>
>>> (2012/08/07 1:02), John Slattery wrote:
>>>>
>>>>
>>>> On Sat, Aug 4, 2012 at 3:50 AM, Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp> wrote:
>>>>>
>>>>>
>>>>> Hi John,
>>>>>
>>>>>
>>>>> (2012/08/03 21:31), John Slattery wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I would like to report what seems like a problem with the driver. It
>>>>>> doesn't seem possible to override the default user name for
>>>>>> authentication by GSSAPI. I'm using a map in pg_ident.conf since my
>>>>>> Active Directory user name isn't the same as my Postgresql user name.
>>>>>> pgAdmin III and psql allow for this, the former by setting Username in
>>>>>> the GUI to my Postgresql user name and the latter by specifying the -U
>>>>>> option. I tried setting UID in the connection string I am using to my
>>>>>> Postgresql user name but that caused the driver to return the
>>>>>> following exception:
>>>>>>
>>>>>> Run-time error '-2147217843 <tel:2147217843> (800040e4d)':
>>>>>>
>>>>>> Service negotiation failed;
>>>>>> The specified target is unknown or unreachable in
>>>>>> DoKerberosEtcProcessAuthentication:PerformKerberosEtcClientHandSh
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> How do you login to your Kerberos system?
>>>>>
>>>>> regards,
>>>>> Hiroshi Inoue
>>>>>
>>>>
>>>> Hiroshi,
>>>>
>>>> I'm not sure I understand your question, but I'll take a shot at
>>>> answering it. The client is Windows XP, so I would say I'm using the
>>>> standard/default Windows GINA for Winlogon.
>>>
>>>
>>>
>>> OK I'd like to confirm SSPI is used.
>>> Could you try to set SSLMODE to 'allow' with the user name John?
>>>
>>> regards,
>>> Hiroshi Inoue
>>>
>>
>> Hiroshi,
>>
>> I set 'User Name' = 'john' and changed 'SSL Mode' from 'disable' to
>> 'allow'.
>>
>> It worked.
>>
>> And I'm baffled. Is there a reason it shouldn't work with 'SSL Mode' =
>> 'disable'? Would you explain?
>
>
> Though psqlodbc supports SSPI authentication by itself, it doesn't
> look at PGKRBSRVNAME environment variable as you pointed out.
> Could you please try the drivers on testing for 9.1.0101 at
> http://www.ne.jp/asahi/inocchichichi/entrance/psqlodbc/
> ?
>
> Though psqlodbc communicates with servers by itself, it uses libpq
> connections in some cases.
> Setting sslmode to other than 'disable' forces psqlodbc to use libpq
> connections.
> Setting user name to '' also forces psqlodbc to use libpq connections.
>
> regards,
> Hiroshi Inoue
A connection test with the 9.1.0101 testing 32bit drivers is
successful when 'User Name' = 'john' and 'SSL Mode' = 'allow'. When
'User Name' = 'john' and 'SSL Mode' = 'disable', the connection test
responds with: Warning: GSS authentication not supported.
Is there anything else I should try?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2012-08-08 01:16:18 | Fwd: [BUGS] Small bug in psqlodbc-09.01 prevents interoperability with LISTSERV |
| Previous Message | Hiroshi Inoue | 2012-08-07 18:42:07 | Re: GSSAPI Authentication Problem |