Please add trusted_connection option

[amachanic]

FreeTDS supports a connection option called trusted_connection that allows for SSPI or Kerberos based authentication. Any chance you can expose that?

Thanks!

[joshuahlang]

FreeTDS only exposes this option via ODBC and that prompts the user for input on Windows only (based on my skimming of the code). Unfortunately, ctds doesn't use the ODBC interface of FreeTDS.

[nickolay]

Simply passing empty strings for the user and password parameters of ctds.connect() works for me, presumably using the "integrated security" (aka trusted_connection), that is re-using the domain credentials of the current Windows user.

I got the idea to try it after seeing this in FreeTDS code: https://github.com/FreeTDS/freetds/blob/0898c7e3eb2b41709f9ae38a15beaa1b6fab77c7/src/tds/login.c#L874

It could be added to the documentation, though, since it's an important feature for Windows-running shops.

[amachanic]

@nickolay

Which OS did you do this on*, and can you describe more about the environment? On this end, Linux, after caching a Kerberos ticket using kinit, setting empty user and password results in:

_tds.OperationalError: Adaptive Server connection failed (server:1433)

*As an aside, I am not able to get CTDS to compile on Windows (thanks to FreeTDS). If you've been able to do that I'd love to get some decent instructions. I sank a few hours into the pursuit and got nowhere.

[nickolay]

I’m on Windows 10, connecting to MSSQL2012. (I recently submitted https://github.com/zillow/ctds/pull/30 to document the solutions to the problems I encountered while attempting to build. FreeTDS itself compiled without an issue after I installed cmake and fixed the problem with Microsoft’s rc.exe missing from PATH.)

On Linux: If I were you, I’d try getting the FreeTDS command-line utility (tsql?) to connect first. I didn’t investigate Kerberos-specific instructions, since I was interested in Windows, but I saw some troubleshooting info in FreeTDS’ user guide.

[srprogrammer]

AFAIK, this is working on pymssql

• https://github.com/pymssql/pymssql/pull/446
• https://github.com/pymssql/pymssql/issues/402
• https://github.com/pymssql/pymssql/pull/433
• https://github.com/pymssql/pymssql/commit/55e9e8ae86a6b69d89ed4ae9751b054c24d99ea6

could be of help.

Also, http://www.freetds.org/userguide/domains.htm which I suspect you've already seen.

[amachanic]

@srprogrammer

Thanks for the reference. Unfortunately I can't seem to get it working in Linux using a cached ticket. I suspect that it's designed for Windows? Oh well! I'm giving up at this point.

[joshuahlang]

Closing as external