Re: [HACKERS] SSPI authentication

2007-07-18 Thread plabrh1
AIL PROTECTED] Sent: Wednesday, July 18, 2007 6:42 AM To: Paul Silveira Cc: pgsql-hackers@postgresql.org Subject: Re: [HACKERS] SSPI authentication On Tue, Jul 17, 2007 at 11:00:35AM -0700, Paul Silveira wrote: > > This is great. I've worked on 2 projects in the last year that desp

Re: [HACKERS] SSPI authentication

2007-07-18 Thread Magnus Hagander
On Tue, Jul 17, 2007 at 11:00:35AM -0700, Paul Silveira wrote: > > This is great. I've worked on 2 projects in the last year that desperately > needed this. It will certainly make the security model more seamless... Thanks for letting us know. Are you interested in just the SSPI parts, or also

Re: [HACKERS] SSPI authentication

2007-07-18 Thread Magnus Hagander
On Wed, Jul 18, 2007 at 09:44:02AM +0100, Dave Page wrote: > Magnus Hagander wrote: > > Dave Page wrote: > >> Magnus Hagander wrote: > >>> So what we'd need in that case is a new libpq connectionstring > >>> parameter. Which can be done, but it'd require that all frontends that > >>> use libpq add

Re: [HACKERS] SSPI authentication

2007-07-18 Thread Dave Page
Magnus Hagander wrote: > Dave Page wrote: >> Magnus Hagander wrote: >>> So what we'd need in that case is a new libpq connectionstring >>> parameter. Which can be done, but it'd require that all frontends that >>> use libpq add support for it - such as pgadmin. I'm not sure if the ODBC >>> driver w

Re: [HACKERS] SSPI authentication

2007-07-17 Thread Paul Silveira
This is great. I've worked on 2 projects in the last year that desperately needed this. It will certainly make the security model more seamless... -Paul Magnus Hagander-2 wrote: > > A quick status update on the SSPI authentication part of the GSSAPI > project. > > I have libpq SSPI workin

Re: [HACKERS] SSPI authentication

2007-07-17 Thread Magnus Hagander
Dave Page wrote: > Magnus Hagander wrote: >> So what we'd need in that case is a new libpq connectionstring >> parameter. Which can be done, but it'd require that all frontends that >> use libpq add support for it - such as pgadmin. I'm not sure if the ODBC >> driver will support arbitrary argument

Re: [HACKERS] SSPI authentication

2007-07-17 Thread Magnus Hagander
Stephen Frost wrote: > * Magnus Hagander ([EMAIL PROTECTED]) wrote: >> Stephen Frost wrote: >>> If both are made available then I think that'd work fine for us. I'm >>> concerned that the windows builds wouldn't include a version of libpq w/ >>> GSSAPI... >> The default build wouldn't. The binary

Re: [HACKERS] SSPI authentication

2007-07-17 Thread Dave Page
Magnus Hagander wrote: > So what we'd need in that case is a new libpq connectionstring > parameter. Which can be done, but it'd require that all frontends that > use libpq add support for it - such as pgadmin. I'm not sure if the ODBC > driver will support arbitrary arguments, otherwise that one n

Re: [HACKERS] SSPI authentication

2007-07-17 Thread Stephen Frost
* Magnus Hagander ([EMAIL PROTECTED]) wrote: > Stephen Frost wrote: > > If both are made available then I think that'd work fine for us. I'm > > concerned that the windows builds wouldn't include a version of libpq w/ > > GSSAPI... > > The default build wouldn't. The binary build wouldn't. If yo

Re: [HACKERS] SSPI authentication

2007-07-16 Thread Magnus Hagander
Stephen Frost wrote: > * Magnus Hagander ([EMAIL PROTECTED]) wrote: >>> The way this is handled in a number of other applications (putty being >>> the one that comes to mind easily) is that two DLLs are built- one for >>> SSPI and one for GSSAPI and you can easily switch between them on the >>> cli

Re: [HACKERS] SSPI authentication

2007-07-16 Thread Stephen Frost
* Magnus Hagander ([EMAIL PROTECTED]) wrote: > > The way this is handled in a number of other applications (putty being > > the one that comes to mind easily) is that two DLLs are built- one for > > SSPI and one for GSSAPI and you can easily switch between them on the > > client. That'd work fine

Re: [HACKERS] SSPI authentication

2007-07-16 Thread Magnus Hagander
Stephen Frost wrote: > * Magnus Hagander ([EMAIL PROTECTED]) wrote: >> Stephen Frost wrote: >>> I'm not quite sure if that would affect what we do but it sounds like it >>> might. The main thing we use on the clients wrt Postgres is the ODBC >>> driver but I've used psql once or twice and have be

Re: [HACKERS] SSPI authentication

2007-07-16 Thread Stephen Frost
* Magnus Hagander ([EMAIL PROTECTED]) wrote: > Stephen Frost wrote: > > I'm not quite sure if that would affect what we do but it sounds like it > > might. The main thing we use on the clients wrt Postgres is the ODBC > > driver but I've used psql once or twice and have been trying to get > > peo

Re: [HACKERS] SSPI authentication

2007-07-16 Thread Magnus Hagander
Stephen Frost wrote: > * Magnus Hagander ([EMAIL PROTECTED]) wrote: >> I've set it up as a different way of doing GSSAPI authentication. This >> means that if you can't have both SSPI and MIT KRB GSSAPI in the same >> installation. I don't see a problem with this - 99.9% of windows users >> will ju

Re: [HACKERS] SSPI authentication

2007-07-16 Thread Stephen Frost
* Magnus Hagander ([EMAIL PROTECTED]) wrote: > I've set it up as a different way of doing GSSAPI authentication. This > means that if you can't have both SSPI and MIT KRB GSSAPI in the same > installation. I don't see a problem with this - 99.9% of windows users > will just want the SSPI version an

[HACKERS] SSPI authentication

2007-07-16 Thread Magnus Hagander
A quick status update on the SSPI authentication part of the GSSAPI project. I have libpq SSPI working now, with a few hardcoded things still in there to be fixed. But it means that I can connect to a linux server using kerberos/GSSAPI *without* the need to set up MIR Kerberos libraries and settin