Re: "could not accept SSPI security context"

Поиск
Список
Период
Сортировка
От Ahmed
Тема Re: "could not accept SSPI security context"
Дата
Msg-id CABdd=7RV0WCXhsjUxsQDOGTWRsX+uq1iasnskTFOxW1gstTF3Q@mail.gmail.com
обсуждение исходный текст
Ответ на Re: "could not accept SSPI security context"  (G_Hosa_Phat <jgamble@ciaokc.com>)
Ответы Re: "could not accept SSPI security context"  (G_Hosa_Phat <jgamble@ciaokc.com>)
Список pgsql-general
Дерево обсуждения
Hi,

In my email, I mistakenly assumed that the next version would be 2.0.12.0, which was not. My bad.

I checked the source and confirmed that the 2.0.11.0 has the bug, and the immediate next version (2.0.11.91) has the fix. You can use the version 2.0.11.92, which is the latest stable release.


-Ahmed


On Sat, Jan 21, 2012 at 7:31 AM, G_Hosa_Phat [via PostgreSQL] <[hidden email]> wrote:
Brar Piening wrote
Just a guess: You don't have something like "host all all 127.0.0.1/32
sspi" in your pg_hba.conf do you?

Regards,

Brar
I don't have that set.  Here's a sample from my pg_hba (slightly redacted to obfuscate our internal network address scheme).

# TYPE DATABASE USER CIDR-ADDRESS METHOD
# ---------------------------------------------------------------------
#                        IPv4 LOCAL CONNECTIONS                        
# ---------------------------------------------------------------------
# Connections made from the server computer itself are only allowed if
# the user is a member of the Developers group, or a Super User.
# ---------------------------------------------------------------------
host all pgsuper 127.0.0.1/32 md5
host all +"ITDept" 127.0.0.1/32 sspi
host all all 127.0.0.1/32 reject
# ---------------------------------------------------------------------
#                       IPv4 INTRANET CONNECTIONS                      
# ---------------------------------------------------------------------
# If the IP address from which the request comes indicates that the
# user is on the Courtesy network and is physically located in one of
# our offices (Oklahoma City or Tulsa), use sspi authentication to
# validate the users credentials against Courtesy’s Active Directory.
# ---------------------------------------------------------------------
# Internal Network
# ---------------------------------------------------------------------
host    all             pgsuper 172.16.10.0/24 md5
host    all             +"Laptop" 172.16.10.50/32 ldap ldapserver=ADSERVERNAME ldapprefix="MYDOMAIN\"
host    all             +"ITDept" 172.16.10.0/24 sspi
host    appdb +"Users" 172.16.10.0/24 sspi
# ---------------------------------------------------------------------
# Deny connection attempts from any source not explicitly identified
# in the rules above.
# ---------------------------------------------------------------------
host all             all 0.0.0.0/0 reject


# IPv6 local connections:
host all pgsuper ::1/128 md5
host all +"ITDept" ::1/128 sspi
host all all ::1/128 reject

There are some specific requirements addressed in the configuration file, and I'd love to ask some more questions about how to implement some of them, but those aren't in the scope of this thread.  On this topic, however, this configuratoin correctly uses the SSPI authentication when I try to connect to the database through PGAdmin (I'm a member of the "ITDept" group), but not when I'm testing my VB.NET application, it fails on the authentication with the error from the thread title.

If you reply to this email, your message will be added to the discussion below:
http://postgresql.1045698.n5.nabble.com/could-not-accept-SSPI-security-context-tp3275102p5162113.html
To unsubscribe from "could not accept SSPI security context", click here.
NAML


View this message in context: Re: "could not accept SSPI security context"
Sent from the PostgreSQL - general mailing list archive at Nabble.com.

В списке pgsql-general по дате отправления:

Предыдущее
От: caracan
Дата:
Сообщение: xml, xpath,postgres 9.1
Следующее
От: Chris Angelico
Дата:
Сообщение: Re: Best way to create unique primary keys across schemas?