* Gregory Stark ([EMAIL PROTECTED]) wrote: > Am I right in thinking that while the client<->postgres protocol may be the > same the actual authentication tokens are different? That is, if you have a > Windows Active Directory server then using SSPI will use your Windows > credentials obtained from that server to log you in whereas if you used the > MIT GSSAPI library it would try to use your Kerberos tickets for which it > would > look elsewhere?
This *can* be true, and in fact is *exactly* what I do. The MIT client comes with an option (enabled by default actually) to sync up the MIT ticket cache with the SSPI one though. > What confuses me here is that I don't understand how this relates to > applications. You keep talking about using the connection string which may be > appropriate for a user-oriented application like psql. But in the general case > surely the application needs to be able to control the authentication process > and be able to provide credentials of its choice? We're talking about user-oriented applications... Specifically things like psql and Postgres ODBC, which use user's credentials to connect to the database and don't have their own credentials... Thanks, Stephen
signature.asc
Description: Digital signature