Hello all, this patch adds support for connecting to servers running on Windows and requesting SSPI authentication. It does this by treating AUTH_REQ_SSPI the same as AUTH_REQ_GSS if no native SSPI support is available.
In addition to being generally useful, this is a workaround to a problem with MIT KfW that I encountered back in September 2010 [1]. This change has been tested and works correctly on FreeBSD 8.1, using the Kerberos and GSSAPI libraries from Heimdal 1.4. The server is running PostgreSQL 9.0.2 on Windows 2008. I originally fixed only the JDBC driver in this way [2], but then I thought that I might try applying the same logic to libpq as well. The preprocessor logic in that part of fe_sendauth() is quite impenetrable; I hope I have not broken everything else. [1] <http://archives.postgresql.org/message-id/i6cpc2%24m3h%241%40dough.gmane.org> [2] <http://archives.postgresql.org/message-id/i6org1%24mup%241%40dough.gmane.org> *** src/interfaces/libpq/fe-auth.c.orig Mon Jan 3 13:33:32 2011 --- src/interfaces/libpq/fe-auth.c Mon Jan 3 13:34:41 2011 *************** *** 831,836 **** --- 831,839 ---- #if defined(ENABLE_GSS) || defined(ENABLE_SSPI) case AUTH_REQ_GSS: + #if defined(ENABLE_GSS) && !defined(ENABLE_SSPI) + case AUTH_REQ_SSPI: + #endif { int r; *************** *** 891,896 **** --- 894,902 ---- #else case AUTH_REQ_GSS: case AUTH_REQ_GSS_CONT: + #ifndef ENABLE_SSPI + case AUTH_REQ_SSPI: + #endif printfPQExpBuffer(&conn->errorMessage, libpq_gettext("GSSAPI authentication not supported\n")); return STATUS_ERROR; *************** *** 913,923 **** } pgunlock_thread(); break; - #else - case AUTH_REQ_SSPI: - printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("SSPI authentication not supported\n")); - return STATUS_ERROR; #endif --- 919,924 ---- -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
