Re: GSSAPI server side on Linux, SSPI client side on Windows
От | Christian Ullrich |
---|---|
Тема | Re: GSSAPI server side on Linux, SSPI client side on Windows |
Дата | |
Msg-id | 52792C7B.7010104@chrullrich.net обсуждение исходный текст |
Ответ на | Re: GSSAPI server side on Linux, SSPI client side on Windows (Stephen Frost <sfrost@snowman.net>) |
Ответы |
Re: GSSAPI server side on Linux, SSPI client side on Windows
(Christian Ullrich <chris@chrullrich.net>)
Re: GSSAPI server side on Linux, SSPI client side on Windows (Brian Crowell <brian@fluggo.com>) |
Список | pgsql-general |
* Stephen Frost wrote: > * Christian Ullrich (chris@chrullrich.net) wrote: >> I tried to fix it using the reverse of they one-line fix that worked >> in both JDBC and libpq. There, the problem was that they only >> supported GSSAPI and had no clue about SSPI (except libpq on >> Windows). The fix was to basically declare GSSAPI and SSPI to be the >> same. It didn't work. > > If Npgsql does the same as libpq-on-Windows, it should all work just > fine.. Hence my suspicion that it doesn't. I did not have the time to compare every function call yet. >> In Npgsql's case, the problem is the other way around -- it only >> knows SSPI. While making GSSAPI the same as SSPI should work in >> principle, there must be some difference somewhere. > > Well, what happened after you hacked Npgsql? It's possible there's a Nov 1 10:21:44 infra1 postgres[24864]: [7-1] FATAL: GSSAPI authentication failed for user "chris" Nov 1 10:25:27 infra1 postgres[25030]: [7-1] FATAL: accepting GSS security context failed Nov 1 10:25:27 infra1 postgres[25030]: [7-2] DETAIL: An unsupported mechanism was requested: Unknown error Nov 1 10:26:28 infra1 postgres[25079]: [7-1] FATAL: accepting GSS security context failed Nov 1 10:26:28 infra1 postgres[25079]: [7-2] DETAIL: An unsupported mechanism was requested: Unknown error Nov 1 10:30:41 infra1 postgres[25193]: [7-1] FATAL: canceling authentication due to timeout Nov 1 10:31:50 infra1 postgres[25277]: [7-1] FATAL: accepting GSS security context failed Nov 1 10:31:50 infra1 postgres[25277]: [7-2] DETAIL: An unsupported mechanism was requested: Unknown error Nov 1 10:39:31 infra1 postgres[25587]: [7-1] FATAL: accepting GSS security context failed Nov 1 10:39:31 infra1 postgres[25587]: [7-2] DETAIL: Unspecified GSS failure. Minor code may provide more information: Nov 1 10:44:32 infra1 postgres[25778]: [7-1] FATAL: accepting GSS security context failed Nov 1 10:44:32 infra1 postgres[25778]: [7-2] DETAIL: Unspecified GSS failure. Minor code may provide more information: Nov 1 10:44:56 infra1 postgres[25789]: [7-1] FATAL: accepting GSS security context failed Nov 1 10:44:56 infra1 postgres[25789]: [7-2] DETAIL: Unspecified GSS failure. Minor code may provide more information: At some point during that I changed the principal that Npgsql gets its service ticket for from POSTGRES/<IP address> to POSTGRES/<host name>. There is a comment in the source that it does not work with the host name, with no more details, and I chose not to believe that. The result did nothing to prove me right, though. I think it was where the errors change from "accepting context failed" to "unspecified error", but I may be wrong. The GSSAPI error messages are of the usual helpful kind, even including the colon that is followed by no detail. I will spend more time on it once I have managed to keep my job this week. -- Christian
В списке pgsql-general по дате отправления:
Предыдущее
От: Stephen FrostДата:
Сообщение: Re: GSSAPI server side on Linux, SSPI client side on Windows