| From: | Brian Crowell <brian(at)fluggo(dot)com> |
|---|---|
| To: | Christian Ullrich <chris(at)chrullrich(dot)net> |
| Cc: | "pgsql-general(at)postgresql(dot)org >> PG-General Mailing List" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: GSSAPI server side on Linux, SSPI client side on Windows |
| Date: | 2013-11-12 15:27:14 |
| Message-ID: | CAAQkdDobA6G8X7xaKtzsLMSiZB3T_6otrGf-pXmfsbdXKz_-mA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Nov 11, 2013 at 11:56 PM, Christian Ullrich
<chris(at)chrullrich(dot)net> wrote:
>> On Mon, Nov 11, 2013 at 10:51 PM, Brian Crowell <brian(at)fluggo(dot)com> wrote:
>> * If I don't specify my username, Npgsql sends it in lowercase "bcrowell"
>
> Hmm. That is related one problem I've been having with SSPI auth from libpq/ODBC. The database treats the claimed user name case-sensitively when looking up the user info in pg_authid, and if the user logged on to Windows with a name differing in case from what the database thinks it is, authentication fails. Npgsql sending it always in lower case is precisely what I landed on as a workaround (basically overriding libpq's automatic user name detection in the ODBC connection string by appending a UID option).
The message I get in the log is "provided user name
(bcrowell(at)REALM(dot)COM) and authenticated username (BCrowell(at)REALM(dot)COM)
do not match," so it looks like I have to teach Npgsql to match
whatever Windows is sending in GSSAPI. That, or teach Postgres how to
lowercase the name on arrival.
What did you do to get around this?
—Brian
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christian Ullrich | 2013-11-12 16:03:45 | Re: GSSAPI server side on Linux, SSPI client side on Windows |
| Previous Message | gajendra s v | 2013-11-12 15:16:16 | select Xpath is returning values with {} |