Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows Integrated Security #142

Closed
vlad-bezden opened this issue May 13, 2017 · 3 comments · Fixed by #1128
Closed

Windows Integrated Security #142

vlad-bezden opened this issue May 13, 2017 · 3 comments · Fixed by #1128
Labels
enhancement

Comments

@vlad-bezden
Copy link

I could not find out information how to use Windows Integrated Security with asyncpg. I tried to add Integrated Security to the dictionary, but it did not work.

    SERVER_SETTINGS = {'IntegratedSecurity': 'True'}

    conn = await asyncpg.connect(host=HOST,
                                 port=PORT,
                                 user=USER,
                                 database=DATABASE,
                                 server_settings=SERVER_SETTINGS)

I'm always getting following error back:

Traceback (most recent call last):
  File "c:\DEV\PythonPlayground\testdb.py", line 28, in <module>
    loop.run_until_complete(run())
  File "C:\Users\vbezden\AppData\Local\Programs\Python\Python36-32\lib\asyncio\base_events.py", line 466, in run_until_complete
    return future.result()
  File "c:\DEV\PythonPlayground\testdb.py", line 21, in run
    server_settings=SERVER_SETTINGS)
  File "C:\dev\venv\lib\site-packages\asyncpg\connection.py", line 1187, in connect
    max_cacheable_statement_size=max_cacheable_statement_size)
  File "C:\dev\venv\lib\site-packages\asyncpg\connect_utils.py", line 306, in _connect
    raise last_error
  File "C:\dev\venv\lib\site-packages\asyncpg\connect_utils.py", line 298, in _connect
    connection_class=connection_class)
  File "C:\dev\venv\lib\site-packages\asyncpg\connect_utils.py", line 274, in _connect_addr
    await asyncio.wait_for(connected, loop=loop, timeout=timeout)
  File "C:\Users\abc\AppData\Local\Programs\Python\Python36-32\lib\asyncio\tasks.py", line 356, in wait_for
    raise futures.TimeoutError()
concurrent.futures._base.TimeoutError
@elprans
Copy link
Member

elprans commented May 15, 2017

asyncpg does not support GSSAPI/Kerberos authentication yet.

@JJsrc
Copy link

JJsrc commented Aug 20, 2019

Any plans to support it?

@eltoder
Copy link
Contributor

eltoder commented Mar 4, 2024

asyncpg now supports GSSAPI, but "Windows Integrated Authentication" actually uses SSPI, which is slightly different:
https://wiki.postgresql.org/wiki/Configuring_for_single_sign-on_using_SSPI_on_Windows
https://www.postgresql.org/docs/current/sspi-auth.html

This should not be hard to add, but I don't have anywhere to test it.

eltoder added a commit to eltoder/asyncpg that referenced this issue Mar 5, 2024
@eltoder
Implement SSPI authentication
765b30b 
SSPI is a Windows technology for secure authentication. SSPI and GSSAPI
interoperate as clients and servers. Postgres documentation recommends
using SSPI on Windows clients and servers and GSSAPI on non-Windows
platforms[1].

Changes in this PR:

* Support AUTH_REQUIRED_SSPI server request. This is the same as
  AUTH_REQUIRED_GSS, except it allows negotiation with SSPI clients.

* Allow using SSPI on the client. Which library to use can be specified
  using the `gsslib` connection parameter.

* Use SSPI instead of GSSAPI on Windows by default. The latter requires
  installing Kerberos for Windows and is unlikely to work out of the
  box.

Closes MagicStack#142

[1] https://www.postgresql.org/docs/current/sspi-auth.html
@eltoder eltoder mentioned this issue Mar 5, 2024
Merged
eltoder added a commit to eltoder/asyncpg that referenced this issue Mar 5, 2024
@eltoder
Implement SSPI authentication
c0219f1 
SSPI is a Windows technology for secure authentication. SSPI and GSSAPI
interoperate as clients and servers. Postgres documentation recommends
using SSPI on Windows clients and servers and GSSAPI on non-Windows
platforms[1].

Changes in this PR:

* Support AUTH_REQUIRED_SSPI server request. This is the same as
  AUTH_REQUIRED_GSS, except it allows negotiation with SSPI clients.

* Allow using SSPI on the client. Which library to use can be specified
  using the `gsslib` connection parameter.

* Use SSPI instead of GSSAPI on Windows by default. The latter requires
  installing Kerberos for Windows and is unlikely to work out of the
  box.

Closes MagicStack#142

[1] https://www.postgresql.org/docs/current/sspi-auth.html
eltoder added a commit to eltoder/asyncpg that referenced this issue Mar 5, 2024
@eltoder
Implement SSPI authentication
72a5fda 
SSPI is a Windows technology for secure authentication. SSPI and GSSAPI
interoperate as clients and servers. Postgres documentation recommends
using SSPI on Windows clients and servers and GSSAPI on non-Windows
platforms[1].

Changes in this PR:

* Support AUTH_REQUIRED_SSPI server request. This is the same as
  AUTH_REQUIRED_GSS, except it allows negotiation with SSPI clients.

* Allow using SSPI on the client. Which library to use can be specified
  using the `gsslib` connection parameter.

* Use SSPI instead of GSSAPI on Windows by default. The latter requires
  installing Kerberos for Windows and is unlikely to work out of the
  box.

Closes MagicStack#142

[1] https://www.postgresql.org/docs/current/sspi-auth.html
eltoder added a commit to eltoder/asyncpg that referenced this issue Mar 6, 2024
@eltoder
Implement SSPI authentication
69375b1 
SSPI is a Windows technology for secure authentication. SSPI and GSSAPI
interoperate as clients and servers. Postgres documentation recommends
using SSPI on Windows clients and servers and GSSAPI on non-Windows
platforms[1].

Changes in this PR:

* Support AUTH_REQUIRED_SSPI server request. This is the same as
  AUTH_REQUIRED_GSS, except it allows negotiation with SSPI clients.

* Allow using SSPI on the client. Which library to use can be specified
  using the `gsslib` connection parameter.

* Use SSPI instead of GSSAPI on Windows by default. The latter requires
  installing Kerberos for Windows and is unlikely to work out of the
  box.

Closes MagicStack#142

[1] https://www.postgresql.org/docs/current/sspi-auth.html
elprans pushed a commit that referenced this issue Mar 11, 2024
@eltoder
Implement SSPI authentication (#1128)
1aab209 
SSPI is a Windows technology for secure authentication. SSPI and GSSAPI
interoperate as clients and servers. Postgres documentation recommends
using SSPI on Windows clients and servers and GSSAPI on non-Windows
platforms[1].

Changes in this PR:

* Support AUTH_REQUIRED_SSPI server request. This is the same as
  AUTH_REQUIRED_GSS, except it allows negotiation with SSPI clients.

* Allow using SSPI on the client. Which library to use can be specified
  using the `gsslib` connection parameter.

* Use SSPI instead of GSSAPI on Windows by default. The latter requires
  installing Kerberos for Windows and is unlikely to work out of the
  box.

Closes #142

[1] https://www.postgresql.org/docs/current/sspi-auth.html
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement SSPI authentication eltoder/asyncpg
4 participants
@elprans @JJsrc @eltoder @vlad-bezden