[Qgis-user] QGIS for Windows with GSS/Kerberos/Active Directory

Tomas Pospisek tpo2 at sourcepole.ch
Fri Mar 10 08:28:45 PST 2023 

On 06.02.23 09:53, Tomas Pospisek via QGIS-User wrote:

> On 04.02.23 16:56, Jürgen E. Fischer via QGIS-User wrote:
> 
>> On Fri, 03. Feb 2023 at 16:41:28 +0100, Tomas Pospisek via QGIS-User 
>> wrote:
>>> So it seems QGIS as shipped by qgis.org does not ship with GSS 
>>> support? Is
>>> that correct?
>>
>> Yes.
>>
>>> Does anybody use QGIS on Windows with GSS?
>>
>> Apparently not.
>>
>>
>>> Any pointers/suggestions/help?
>> Please try libpq 15.1-1 from OSGeo4W (choose "Advanced Install" and 
>> enable
>> Exp.)
> 
> Thanks a lot! I will!

OK, so I was finally able to set up:

* Postgresql with Kerberos on Linux
* psql/QGIS with SSPI on Windows

and thus to authenticate from QGIS via Active Directory to the 
Postgresql server.

The details can be found 
[here](https://www.postgresql.org/message-id/08b836a7-272a-2309-da45-ac691fccacb8%40sourcepole.ch).

I short:

* don't use GSS on the Windows side
* only set the DB name and the DB derver (not the password,
   not the user, no authentication method or anything) and
   QGIS/psql/libpq will by default and out of the box use the SSPI
   interface that will use Active Directory that will use the Kerberos
   protocol and everything will work magically by itself, without any
   further intervention. This is only the client side. The server side
   (that is the postgresql server), still needs to be set up to do
   Kerberos via GSS).

Shout outs go to Stephen Frost and Jürgen E. Fischer for helping and 
caring. Many, many, many thanks for that!!!

And least but not least. It seems like libpq from the "Advanced 
Installer" from OSGeo4W can *not* do SSPI. It's always trying to use GSS 
and failing to do so. I'm not 100% clear on that since I was not able to 
test further, since I do not have direct access to the systems in 
question, however for anybody getting stuck in the same mud as me or 
those that build the "Advanced Installer" that's certainly something to 
be aware of.

Thanks & greetings,
*t

More information about the QGIS-User mailing list