* Francisco Figueiredo Jr. wrote:
> On Tue, Nov 5, 2013 at 2:35 PM, Christian Ullrich <chris@chrullrich.net> wrote:
>
> > * Stephen Frost wrote:
> >
> > > * Brian Crowell (brian@fluggo.com) wrote:
> > >
> > > > However, the eventual goal was to connect to this same server from a
> > > > .NET app running on Windows, and here I've run into a snag. The Npgsql
> > > > library does not support GSSAPI—it only supports SSPI, which is
> > > > nearly-but-not-enough-like the same thing to count in this situation,
> > >
> > > Uhhh, why not?
> >
> > Because the server on Linux sends AUTH_REQ_GSS, which Npgsql does
> > not recognize.
> >
> > I tried to fix it using the reverse of the one-line fix that worked
> > in both JDBC and libpq. There, the problem was that they only
> > supported GSSAPI and had no clue about SSPI (except libpq on
> > Windows). The fix was to basically declare GSSAPI and SSPI to be the
> > same. It didn't work.
> >
> > In Npgsql's case, the problem is the other way around -- it only
> > knows SSPI. While making GSSAPI the same as SSPI should work in
> > principle, there must be some difference somewhere.
>
> Did you make your changes in the NpgsqlState.cs file?

Yes.

> Also, while checking this part of the code, it seems Npgsql isn't
> handling the AuthenticationGSS message. It is only handling
> AuthenticationGSSContinue messages.
>
> I think you could try adding the AuthenticationGSS case to Npgsql
> and see if it can authenticate correctly. You could add a second
> switch case below the case
> AuthenticationRequestType.AuthenticationSSPI and see if Npgsql can
> also handle the GSS authentication correctly.

That is exactly what I did.

I remember from my work on libpq that there is a slight difference in
how it handles the two authentication types, but there it is just a flag
for whether to treat the user name case-sensitively or not. Here, I
control the case of the user part of the UPN, the claimed user name in
the startup packet, and the role name in the database, and I know they
are all identical. Therefore it should not matter for now whether Npgsql
has similar logic already. To make GSSAPI support production-ready, I
may have to add it, of course.
--
Christian
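
The message dispatch discussed in this thread, as an added example that is not part of the original message and is not Npgsql or libpq code: a classifier for the backend's Authentication message that either rejects AUTH_REQ_GSS (a client that knows only SSPI) or routes it through the same path as AUTH_REQ_SSPI. The names `classify_auth`, `auth_action` and the `gss_as_sspi` flag are hypothetical; the request codes 7, 8 and 9 are the PostgreSQL protocol values.

```c
#include <stdint.h>
#include <stdio.h>

/* Authentication request codes from the PostgreSQL wire protocol. */
enum { AUTH_REQ_GSS = 7, AUTH_REQ_GSS_CONT = 8, AUTH_REQ_SSPI = 9 };

/* Hypothetical result type for this example. */
typedef enum { ACT_MALFORMED, ACT_UNSUPPORTED, ACT_BEGIN, ACT_CONTINUE } auth_action;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Classify exactly one Authentication message: 'R', Int32 length (counts
 * itself, not the type byte), Int32 request code, then optional token bytes.
 * gss_as_sspi = 0 models a client that knows only SSPI; 1 models the extra
 * switch case. For ACT_CONTINUE, tok/tok_len describe the server's token. */
auth_action classify_auth(const uint8_t *msg, size_t n, int gss_as_sspi,
                          const uint8_t **tok, size_t *tok_len) {
    *tok = NULL; *tok_len = 0;
    if (n < 9 || msg[0] != 'R') return ACT_MALFORMED;
    uint32_t len = be32(msg + 1);
    if (len < 8 || len != n - 1) return ACT_MALFORMED;  /* truncated or padded */
    switch (be32(msg + 5)) {
    case AUTH_REQ_GSS:
        if (!gss_as_sspi) return ACT_UNSUPPORTED;
        /* fall through */
    case AUTH_REQ_SSPI:
        return len == 8 ? ACT_BEGIN : ACT_MALFORMED;     /* no payload allowed */
    case AUTH_REQ_GSS_CONT:
        *tok = msg + 9; *tok_len = len - 8;
        return ACT_CONTINUE;
    default:
        return ACT_UNSUPPORTED;
    }
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_GSS[]  = { 'R', 0,0,0,8,  0,0,0,7 };
static const uint8_t MSG_SSPI[] = { 'R', 0,0,0,8,  0,0,0,9 };
static const uint8_t MSG_CONT[] = { 'R', 0,0,0,11, 0,0,0,8, 0x60, 0x01, 0x02 };

int main(void) {
    const uint8_t *tok; size_t tl;
    printf("GSS, SSPI-only client: %d\n", classify_auth(MSG_GSS, sizeof MSG_GSS, 0, &tok, &tl));
    printf("GSS, case added:       %d\n", classify_auth(MSG_GSS, sizeof MSG_GSS, 1, &tok, &tl));
    printf("SSPI:                  %d\n", classify_auth(MSG_SSPI, sizeof MSG_SSPI, 0, &tok, &tl));
    printf("GSS continue:          %d\n", classify_auth(MSG_CONT, sizeof MSG_CONT, 0, &tok, &tl));
    return 0;
}
```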