On Mon, Nov 11, 2013 at 10:51 PM, Brian Crowell <brian@xxxxxxxxxx> wrote: > I think I'm getting closer though. I have psql on Windows successfully > authenticating, so I can't be too far off. Got it. The NpgsqlPasswordPacket class has a bug: a utility function it calls appends a null character to the data, which completely screws up GSSAPI. Now that I fixed that, I've got successful integrated authentication from Windows to PostgreSQL on Linux. However: * If I don't specify my username, Npgsql sends it in lowercase "bcrowell" * Npgsql isn't sending the realm, and I've got PostgreSQL configured to expect it Otherwise, it's working. As far as I know, the changes necessary are: * Use hostname in the SPN instead of IP address * Use "kerberos" package in AcquireCredentialsHandle call instead of "negotiate" * Fix PGUtil.WriteBytes to not send the extra null (this method is only used by NpgsqlPasswordPacket, but this fix will most likely break other authentication methods) * As stated above, may need to specify username manually (UserName = "BCrowell@xxxxxxxxxx"); I want to fix this If I figure out the username issue, I'll submit a patch. Also, in my case, it doesn't seem to matter for the SPN whether the service name is "postgres" or "POSTGRES." I've got PostgreSQL set to "postgres", and Npgsql is specifying "POSTGRES", but I also at some point configured two sets of SPNs on the domain for uppercase and lowercase, so I don't know if that's a mitigating factor. —Brian -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
