Authenticate via SSPI/GSSAPI on Windows Server

From: Thomas Walther <earthnail(at)googlemail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Authenticate via SSPI/GSSAPI on Windows Server
Date: 2009-06-04 21:26:11
Message-ID: e6f498e30906041426t212678eag97ed0a11e046666c@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hey there,
I developed a program where you must authenticate on startup. Now my
users already authenticate themselves when they login on Windows, so
basically they authenticate twice. To avoid this, the docs told me to
use GSSAPI or SSPI as psql authentication method, so my program could
use the Windows login information for connecting to PSQL.
My questions are:
1. SSPI or GSSAPI?
2. How do I set this up?
3. How do I handle it?

1. SSPI or GSSAPI?
Right now I tried getting sspi to work as at least I understood that I
had to replace md5 in pg_hba.conf with sspi. Replacing md5 with gssapi
gave me an error message. The docs aren't really clear here.

2. How do I set this up?
All clients connect to the server via RDP, so basically everyone works
/directly/ on the server (at least thats how I understand RDP). It's a
Windows Server.
My developer machine is a Windows XP machine and I tried setting up
sspi locally (I can't use the server for playground testing). Strange
behaviour: now pgAdmin asks me for the password of the user "postgres"
again, although it should actually connect as "Thomas". I tried a lot
of things, but I can't explain them here as I just did trial&error.
None worked.

3. How do I handle it?
Are Windows users automatically added to the psql database? How do I sync them?
How do I connect to psql, just specify no username/password and hit connect?

I know those are a lot of quite big questions. I'm entirely new to
that topic, I hope you can help me though!

Best regards
Thomas Walther

Browse pgsql-general by date

  From Date Subject
Next Message Niklas Johansson 2009-06-04 23:03:56 Re: limit table to one row
Previous Message Oliver Kohll - Mailing Lists 2009-06-04 21:12:44 Re: Division by zero