* Stephen Frost wrote:
* Christian Ullrich (chris@xxxxxxxxxxxxxx) wrote:
I tried to fix it using the reverse of they one-line fix that worked
in both JDBC and libpq. There, the problem was that they only
supported GSSAPI and had no clue about SSPI (except libpq on
Windows). The fix was to basically declare GSSAPI and SSPI to be the
same. It didn't work.
If Npgsql does the same as libpq-on-Windows, it should all work just
fine..
Hence my suspicion that it doesn't. I did not have the time to compare
every function call yet.
In Npgsql's case, the problem is the other way around -- it only
knows SSPI. While making GSSAPI the same as SSPI should work in
principle, there must be some difference somewhere.
Well, what happened after you hacked Npgsql? It's possible there's a
Nov 1 10:21:44 infra1 postgres[24864]: [7-1] FATAL: GSSAPI
authentication failed for user "chris"
Nov 1 10:25:27 infra1 postgres[25030]: [7-1] FATAL: accepting GSS
security context failed
Nov 1 10:25:27 infra1 postgres[25030]: [7-2] DETAIL: An unsupported
mechanism was requested: Unknown error
Nov 1 10:26:28 infra1 postgres[25079]: [7-1] FATAL: accepting GSS
security context failed
Nov 1 10:26:28 infra1 postgres[25079]: [7-2] DETAIL: An unsupported
mechanism was requested: Unknown error
Nov 1 10:30:41 infra1 postgres[25193]: [7-1] FATAL: canceling
authentication due to timeout
Nov 1 10:31:50 infra1 postgres[25277]: [7-1] FATAL: accepting GSS
security context failed
Nov 1 10:31:50 infra1 postgres[25277]: [7-2] DETAIL: An unsupported
mechanism was requested: Unknown error
Nov 1 10:39:31 infra1 postgres[25587]: [7-1] FATAL: accepting GSS
security context failed
Nov 1 10:39:31 infra1 postgres[25587]: [7-2] DETAIL: Unspecified GSS
failure. Minor code may provide more information:
Nov 1 10:44:32 infra1 postgres[25778]: [7-1] FATAL: accepting GSS
security context failed
Nov 1 10:44:32 infra1 postgres[25778]: [7-2] DETAIL: Unspecified GSS
failure. Minor code may provide more information:
Nov 1 10:44:56 infra1 postgres[25789]: [7-1] FATAL: accepting GSS
security context failed
Nov 1 10:44:56 infra1 postgres[25789]: [7-2] DETAIL: Unspecified GSS
failure. Minor code may provide more information:
At some point during that I changed the principal that Npgsql gets its
service ticket for from POSTGRES/<IP address> to POSTGRES/<host name>.
There is a comment in the source that it does not work with the host
name, with no more details, and I chose not to believe that. The result
did nothing to prove me right, though. I think it was where the errors
change from "accepting context failed" to "unspecified error", but I may
be wrong.
The GSSAPI error messages are of the usual helpful kind, even including
the colon that is followed by no detail.
I will spend more time on it once I have managed to keep my job this week.
--
Christian
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
