Обсуждение: gssenc supported?
Hello, I've just installed the latest pgAdmin for Windows on a Windows 11 PC. I'm trying to set up a connection to a Kerberos-enabled Postgres server where hostgssenc is the only connection type allowed. So in the connection definition in pgAdmin, I've set "gssencmode" to "require". When I then try to connect to the database server, I get the following error: connection is bad: gssencmode value "require" invalid when GSSAPI support is not compiled in So is there a way to have pgAdmin connect with gssenc (Kerberos-encrypted communication) enabled? -- Regards, Troels Arvin
Hi,
On Sun, Jan 19, 2025 at 5:04 PM Troels Arvin <troels@arvin.dk> wrote:
Hello,
I've just installed the latest pgAdmin for Windows on a Windows 11 PC.
I'm trying to set up a connection to a Kerberos-enabled Postgres server
where hostgssenc is the only connection type allowed. So in the
connection definition in pgAdmin, I've set "gssencmode" to "require".
When I then try to connect to the database server, I get the following
error:
connection is bad: gssencmode value "require" invalid when GSSAPI
support is not compiled in
So is there a way to have pgAdmin connect with gssenc
(Kerberos-encrypted communication) enabled?
Have you tried connecting Postgres Server with PSQL?
The error, GSSAPI supports is not compiled raised by PostgreSQL, not by pgAdmin.
The error, GSSAPI supports is not compiled raised by PostgreSQL, not by pgAdmin.
--
Regards,
Troels Arvin
Hello, Khushboo Vashi wrote: > Have you tried connecting Postgres Server with PSQL? Yes, I've tried the psql.exe which is shippe with pgadmin. And I've tried psql.exe from the latest Windows installer from https://www.enterprisedb.com/downloads/postgres-postgresql-downloads Both work when having hostnogssenc in pg_hba.conf. But both do not work when hostgssenc is used in pg_hba.conf. Does someone know why those binaries are not compiled with support for hostgssenc? -- Regards, Troels Arvin
On Tue, Jan 21, 2025 at 10:21 PM Troels Arvin <troels@arvin.dk> wrote:
Hello,
Khushboo Vashi wrote:
> Have you tried connecting Postgres Server with PSQL?
Yes, I've tried the psql.exe which is shippe with pgadmin. And I've
tried psql.exe from the latest Windows installer from
https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
Both work when having hostnogssenc in pg_hba.conf. But both do not work
when hostgssenc is used in pg_hba.conf.
Does someone know why those binaries are not compiled with support for
hostgssenc?
It looks like your PostgreSQL server wasn't built with GSSAPI support.
--
Regards,
Troels Arvin
Hello,
Khushboo Vashi wrote:
It looks like your PostgreSQL server wasn't built with GSSAPI support.
Oh, but it is:
In output from the server's pg_config, it mentions --with-gssapi. And when I connect to the server from a Ubuntu or Fedora psql, my connection status indeed mentions GSS:
============================
aduser@dbclient:~$ psql -h dbserver.demo.troels.arvin.dk
psql (16.6 (Ubuntu 16.6-0ubuntu0.24.10.1))
GSSAPI-encrypted connection
Type "help" for help.
aduser=#
============================
--
Regards,
Troels Arvin
Hi
On Tue, 21 Jan 2025 at 16:51, Troels Arvin <troels@arvin.dk> wrote:
Hello,
Khushboo Vashi wrote:
> Have you tried connecting Postgres Server with PSQL?
Yes, I've tried the psql.exe which is shippe with pgadmin. And I've
tried psql.exe from the latest Windows installer from
https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
Both work when having hostnogssenc in pg_hba.conf. But both do not work
when hostgssenc is used in pg_hba.conf.
Does someone know why those binaries are not compiled with support for
hostgssenc?
We don't build the binaries that we ship with pgAdmin on Windows with GSSAPI support, for a couple of reasons. First, there's actually a long-standing bug [1] in PostgreSQL that prevents compilation on Windows with both MIT Kerberos and OpenSSL together (I've tried multiple backchannels to get that fix committed - please feel free to chime in on the thread). Secondly, people almost exclusively use SSPI on Windows. You are actually the first person I recall ever wanting GSSAPI support.
FWIW, we ship MIT Kerberos anyway (for handling app logins). Adding GSSAPI support would be trivial, if the upstream bug were fixed.
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org