Em 12/11/2013 03:37, "Brian Crowell" <br...@fluggo.com> escreveu: > > On Mon, Nov 11, 2013 at 10:51 PM, Brian Crowell <br...@fluggo.com> wrote: > > I think I'm getting closer though. I have psql on Windows successfully > > authenticating, so I can't be too far off. > > Got it. > > The NpgsqlPasswordPacket class has a bug: a utility function it calls > appends a null character to the data, which completely screws up > GSSAPI. Now that I fixed that, I've got successful integrated > authentication from Windows to PostgreSQL on Linux. >
That's great! We have made a lot of changes to those utility functions and now we have methods which don't append that null char. > However: > > * If I don't specify my username, Npgsql sends it in lowercase "bcrowell" > * Npgsql isn't sending the realm, and I've got PostgreSQL configured > to expect it > > Otherwise, it's working. As far as I know, the changes necessary are: > > * Use hostname in the SPN instead of IP address > * Use "kerberos" package in AcquireCredentialsHandle call instead of "negotiate" > * Fix PGUtil.WriteBytes to not send the extra null (this method is > only used by NpgsqlPasswordPacket, but this fix will most likely break > other authentication methods) > * As stated above, may need to specify username manually (UserName = > "bcrow...@domain.com"); I want to fix this > > If I figure out the username issue, I'll submit a patch. > Excellent, Brian! I'm looking forward your patch. Npgsql source can be found at github.com/npgsql/Npgsql If you need any help to understand Npgsql, please let me know. Unfortunately as I'm not the original developer of the sspi code, I may not be very helpful on this specific issue, but I can help you out regarding other parts of Npgsql code. > Also, in my case, it doesn't seem to matter for the SPN whether the > service name is "postgres" or "POSTGRES." I've got PostgreSQL set to > "postgres", and Npgsql is specifying "POSTGRES", but I also at some > point configured two sets of SPNs on the domain for uppercase and > lowercase, so I don't know if that's a mitigating factor. > It would be awesome if you could write a little guide about how to configure PostgreSQL to work with sspi authentication from Windows. I could add it to our Npgsql user manual... Thank you all for having a look at those Npgsql authentication issues. > —Brian > > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general