You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After that OS user with cyrillic characters has been created on that host, his name is: "ВасисуалийПупка", after that Windows session was restarted with this user name.
Trying to connect to database 'employee' using OS authentification fails in this case - see attached file "trusted-auth-with-non-ascii-chars-in-os-user-name.png".
If undo changes in firebird.conf and try to create SQL login with non-ascii characters and connect using it - all OK, see file "srp-auth-with-non-ascii-chars-in-SQL-user-name.png" (but there is one question about MON$REMOTE_OS_USER - see this screenshot).
summary: Trusted auth. does not workwhen OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login) => Trusted auth. does not work when OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login)
summary: Trusted auth. does not work when OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login) => Error retrieving current user name when using Windows trusted authentication and OS user name contains non-ASCII characters
In order to test this ticket, a shorter OS user name must be used. Trusted authentication prepends the user name with a host/domain name - <host>\<user> - and keep in mind that UTF8 representation of "ВасисуалийПупка" is longer. Both these reasons may cause an error during connection time: "login is longer than 31 bytes". I've been testing with "Васисуалий" and it worked.
Submitted by: @pavel-zotov
Attachments:
trusted-auth-with-non-ascii-chars-in-os-user-name.png
srp-auth-with-non-ascii-chars-in-SQL-user-name.png
Votes: 1
On snapshot with non-initialized security3.fdb and default firebird.conf do:
C:\...> gsec -display -database .\security3.fdb
Install incomplete, please read the Compatibility chapter in the release notes for this version
C:\...> echo create user SYSDBA password 'masterkey'; show users; | isql -user sysdba .\security3.fdb
Users in the database
2 #SYSDBA
Than:
C:\...> isql localhost/3050:employee -q
SQL> CREATE GLOBAL MAPPING TRUSTED_AUTH USING PLUGIN WIN_SSPI FROM ANY USER TO USER;
SQL> exit;
Than firebird.conf was changed: AuthServer and AuthClient were replaced with `Win_Sspi` at the start of their values:
RemoteServicePort = 3330
Servermode = SuperClassic
AuthServer = Win_Sspi,Srp,Legacy_Auth
AuthClient = Win_Sspi,Srp,Legacy_Auth
WireCrypt = Disabled
UserManager = Srp
TempDirectories = c:\temp
MaxUserTraceLogSize = 99999
FileSystemCacheThreshold = 65536K
LockHashSlots = 22111
TempCacheLimit = 2147483647
-- and FB service was restarted.
After that OS user with cyrillic characters has been created on that host, his name is: "ВасисуалийПупка", after that Windows session was restarted with this user name.
Trying to connect to database 'employee' using OS authentification fails in this case - see attached file "trusted-auth-with-non-ascii-chars-in-os-user-name.png".
If undo changes in firebird.conf and try to create SQL login with non-ascii characters and connect using it - all OK, see file "srp-auth-with-non-ascii-chars-in-SQL-user-name.png" (but there is one question about MON$REMOTE_OS_USER - see this screenshot).
Commits: 881c796 FirebirdSQL/fbt-repository@de2c331
The text was updated successfully, but these errors were encountered: