Re: GSSAPI server side on Linux, SSPI client side on Windows

I've thought of one option, which I'm investigating: implementing
GSSAPI support in Npgsql. Microsoft claims this is possible using the
SSPI API: http://msdn.microsoft.com/en-us/library/windows/desktop/aa380496(v=vs.85).aspx

—Brian

On Wed, Oct 30, 2013 at 3:16 PM, Brian Crowell <brian(at)fluggo(dot)com> wrote:
> Hello again!
>
> I've been setting up my PostgreSQL server by doing something I've
> never done before: I've joined a Linux server to a domain so I can use
> integrated Kerberos authentication from server to server.
>
> I've managed to make this work from Linux machine to Linux machine. On
> the client, I retrieve my Kerberos ticket with kinit, and then I can
> use psql with my username to connect to the server without a password
> over GSSAPI. So far, so good.
>
> However, the eventual goal was to connect to this same server from a
> .NET app running on Windows, and here I've run into a snag. The Npgsql
> library does not support GSSAPI—it only supports SSPI, which is
> nearly-but-not-enough-like the same thing to count in this situation,
> because I can't seem to configure my PostgreSQL on Linux to accept
> SSPI. If I try it, I get the error:
>
> invalid authentication method "sspi": not supported by this build
>
> The docs say that SSPI is supported if GSSAPI is available
> (http://www.postgresql.org/docs/9.3/static/auth-methods.html#SSPI-AUTH)
> Is this just a matter of me running the wrong build? I'm using
> PostgreSQL 9.3 from the official builds for Debian 6.
>
> If the docs are wrong, and SSPI isn't available server-side on Linux,
> what are my other options?
>
> —Brian