2

I am using nHibernate + Npgsql to connect to PostgreSQL server using windows authentication (SSPI). I have added the windows user to the Postgres and have configured the settings as recommended by http://wiki.postgresql.org/wiki/Configuring_for_single_sign-on_using_SSPI_on_Windows.

Here is my connection string: "Server=;Port=5432;Database=;Integrated Security=true"

This is my code:

if (!sessionFactories.TryGetValue(sessionFactoryConfigPath, out sessionFactory))
            {
                Configuration cfg = new Configuration();
                if (sessionFactoryConfigPath != DefaultConfigFile)
                {
                    //Check.Require(File.Exists(sessionFactoryConfigPath),
                    //    "The config file at '" + sessionFactoryConfigPath + "' could not be found");

                    cfg.Configure(sessionFactoryConfigPath);

                }
                else
                {
                    cfg.Configure();
                }


                //  Now that we have our Configuration object, create a new SessionFactory
                sessionFactory = cfg.BuildSessionFactory();

When I run this I get the following error at sessionFactory = cfg.BuildSessionFactory(); "FATAL: XX000: could not accept SSPI security context"

When I checked the PostgreSQL logs the following entry was found: "The token supplied to the function is invalid (80090308)"

I am using "PostgreSQL 9.3.2, compiled by Visual C++ build 1600, 32-bit". I got it from postgres website. I am using Windows 7 SP1 64-bit.

What am I missing here? Please help.

Craig Ringer
  • 307,061
  • 76
  • 688
  • 778
aparajithanv
  • 21
  • 4
  • What is your *exact* PostgreSQL version (`SELECT version()`, plus info on where you got it / installed it from) and your *exact* Windows version. – Craig Ringer Jan 27 '14 at 11:44
  • I am using "PostgreSQL 9.3.2, compiled by Visual C++ build 1600, 32-bit". I got it from postgres website. I am using Windows 7 SP1 64-bit. – aparajithanv Jan 27 '14 at 12:14
  • I'm not entirely sure that SSPI auth works without an AD domain. Also, PostgreSQL 9.2 and above run as the `NETWORKSERVICE` by default, not the `postgres` user; I suspect those instructions are out of date as a result. The trouble is that hardly anyone uses, or talks about, SSPI auth, and Windows experts generally don't contribute to the community or documentation, so there's a bit of an information vacuum. – Craig Ringer Jan 28 '14 at 02:10

0 Answers0