Skip Menu |
 

From: "Brian C. DeRocher" <brian.derocher@mitretek.org>
To: kfw-bugs@mit.edu
Subject: bug with registry?
Date: Thu, 11 May 2006 11:44:22 -0400
Hello,

I'm helping my colleage connect MS Access to a PostgreSQL database
by way of ODBC. The driver supports authentication by Kerberos and
i've made a connection using my own credentials.

However when i destroy mine and authenticate as him, i can't connect.
I get an error message that the credentials cache can not be found.

I went into the registry
HKEY_CURRENT_USER/Softare/MIT/Kerberos5/

Here ccname is still set to me and not as the new guy. So i manually
change it to him, and the Access link is created as normal.

So i was just wondering if there's a bug here?

thanks,
Brian

--
Brian C. DeRocher @ Mitretek Systems
This email was signed using OpenPGP.
Download (untitled)
application/pgp-signature 307B

Message body not shown because it is not plain text.

KFW version?

If you are 3.0 with NetIDMgr, did you select your co-worker's principal
name as the default in NetIDMgr?

Jeffrey Altman


[brian.derocher@mitretek.org - Thu May 11 11:44:43 2006]:

Show quoted text
> Hello,
>
> I'm helping my colleage connect MS Access to a PostgreSQL database
> by way of ODBC. The driver supports authentication by Kerberos and
> i've made a connection using my own credentials.
>
> However when i destroy mine and authenticate as him, i can't connect.
> I get an error message that the credentials cache can not be found.
>
> I went into the registry
> HKEY_CURRENT_USER/Softare/MIT/Kerberos5/
>
> Here ccname is still set to me and not as the new guy. So i manually
> change it to him, and the Access link is created as normal.
>
> So i was just wondering if there's a bug here?
>
> thanks,
> Brian
From: "Brian C. DeRocher" <brian.derocher@mitretek.org>
To: rt-kfw@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #3747] bug with registry?
Date: Tue, 16 May 2006 17:29:57 -0400
RT-Send-Cc:
Download (untitled) / with headers
text/plain 1.7KiB
Jeff,

KFW 3.0 with NetIDMgr, yes.

I did not explicitly select him as the default identity. After double
clicking on his credentials, i see how i can select his identity as
default. And this is reflected in the registry.

I assumed that if i destory joe's credentials and get my own, that the
default identity would become me. After all this is the behavior with
kinit on linux.

I also though Access or the PostgreSQL ODBC driver would be smarter.
If the username in the Data Source is brian, it would select the
brian identity, likewise if it's joe. But after some consideration
a kerberos princ would need to be mapped to the database username
somehow.

Anyway, i guess it's not a bug, just a hiccup.

Brian

--
Brian C. DeRocher @ Mitretek Systems
This email was signed using OpenPGP.

On Monday 2006 May 15 18:37, Jeffrey Altman via RT wrote:
Show quoted text
>
> KFW version?
>
> If you are 3.0 with NetIDMgr, did you select your co-worker's principal
> name as the default in NetIDMgr?
>
> Jeffrey Altman
>
>
> [brian.derocher@mitretek.org - Thu May 11 11:44:43 2006]:
>
> > Hello,
> >
> > I'm helping my colleage connect MS Access to a PostgreSQL database
> > by way of ODBC. The driver supports authentication by Kerberos and
> > i've made a connection using my own credentials.
> >
> > However when i destroy mine and authenticate as him, i can't connect.
> > I get an error message that the credentials cache can not be found.
> >
> > I went into the registry
> > HKEY_CURRENT_USER/Softare/MIT/Kerberos5/
> >
> > Here ccname is still set to me and not as the new guy. So i manually
> > change it to him, and the Access link is created as normal.
> >
> > So i was just wondering if there's a bug here?
> >
> > thanks,
> > Brian
>
>
Download (untitled)
application/pgp-signature 307B

Message body not shown because it is not plain text.

Date: Tue, 16 May 2006 18:21:19 -0400
From: Jeffrey Altman <jaltman@mit.edu>
To: rt-kfw@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #3747] bug with registry?
RT-Send-Cc:
NetIDMgr allows you to obtain credentials for multiple identities.
You do not have to destroy yours to obtain your co-workers.
You can switch between them by specifying the "default" identity.
This is different from "kinit" which only understands the concept
of a single identity.

Jeffrey Altman


""Brian C. DeRocher" via RT" wrote:
Show quoted text
> Jeff,
>
> KFW 3.0 with NetIDMgr, yes.
>
> I did not explicitly select him as the default identity. After double
> clicking on his credentials, i see how i can select his identity as
> default. And this is reflected in the registry.
>
> I assumed that if i destory joe's credentials and get my own, that the
> default identity would become me. After all this is the behavior with
> kinit on linux.
>
> I also though Access or the PostgreSQL ODBC driver would be smarter.
> If the username in the Data Source is brian, it would select the
> brian identity, likewise if it's joe. But after some consideration
> a kerberos princ would need to be mapped to the database username
> somehow.
>
> Anyway, i guess it's not a bug, just a hiccup.
>
> Brian
>
closing the ticket.