* Gregory Stark ([EMAIL PROTECTED]) wrote: > Am I right in thinking that while the client<->postgres protocol may be the > same the actual authentication tokens are different? That is, if you have a > Windows Active Directory server then using SSPI will use your Windows > credentials obtained from that server to log you in whereas if you used the > MIT GSSAPI library it would try to use your Kerberos tickets for which it > would > look elsewhere?
This *can* be true, and in fact is *exactly* what I do. The MIT client
comes with an option (enabled by default actually) to sync up the MIT
ticket cache with the SSPI one though.
> What confuses me here is that I don't understand how this relates to
> applications. You keep talking about using the connection string which may be
> appropriate for a user-oriented application like psql. But in the general case
> surely the application needs to be able to control the authentication process
> and be able to provide credentials of its choice?
We're talking about user-oriented applications... Specifically things
like psql and Postgres ODBC, which use user's credentials to connect to
the database and don't have their own credentials...
Thanks,
Stephen
signature.asc
Description: Digital signature
