* Brian Crowell (brian@fluggo.com) wrote:
> On Mon, Feb 24, 2014 at 12:55 PM, Stephen Frost <sfrost@snowman.net> wrote:
> > * Brian Crowell (brian@fluggo.com) wrote:
> >> https://github.com/npgsql/Npgsql/issues/162#issuecomment-35916650
> >
> > Reading through this- can't you use GSSAPI to get the Kerberos princ
> > found the ticket which is constructed? I'm pretty sure the MIT
> > libraries support that, at least...
>
> I expected I might be able to do that on Linux, but right now I'm
> trying to work out the Windows non-domain case.
I'm afraid you're going to need to try harder to find out how to get the
Windows GSSAPI/SSPI code to give you the princ. I was actually pretty
sure that GSSAPI defined a way, but I don't know the Windows side of it
or if they decided to not bother implementing parts of GSSAPI.
> Unfortunately, in this case I don't even have a wrong-cased username
> to start with. I have the user name of the logged-in non-domain user,
> which is not the user name of the domain credentials I'm sending
> across the network.
You're going to need to figure out how to tell PG what PG user you want
to log in as in the initial packet.
> > We need the username to figure out which auth method we're using...
>
> Oh dear.
Exactly- this is not something we can solve with a little bit of
tweaking...
Thanks,
Stephen