Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(quaint): enable integrated-auth-gssapi tiberius feature #4980

Open
wants to merge 10 commits into
base: main
Choose a base branch
from

Conversation

andrew-dias
Copy link

@andrew-dias andrew-dias commented Aug 14, 2024

This PR should extend support for MSSQL integrated authentication to *nix systems. Prisma currently only supports this feature on Windows.

The Tiberius SQL Server driver used by Prisma can support integrated authentication on *nix by enabling its integrated-auth-gssapi feature (see https://github.com/prisma/tiberius#integrated-authentication-trustedconnection-on-nix).

Closes #4974.

@andrew-dias andrew-dias requested a review from a team as a code owner August 14, 2024 21:37
@andrew-dias andrew-dias requested review from laplab and removed request for a team August 14, 2024 21:37
@CLAassistant
Copy link

CLAassistant commented Aug 14, 2024

CLA assistant check
All committers have signed the CLA.

@andrew-dias andrew-dias changed the title feat: enable integrated-auth-gssapi tiberius feature feat(quaint): enable integrated-auth-gssapi tiberius feature Aug 14, 2024
@andrew-dias andrew-dias force-pushed the feat/enable-integrated-auth-gssapi branch from 793b297 to c0ea0cd Compare August 16, 2024 20:22
@aqrln
Copy link
Member

aqrln commented Aug 24, 2024

Won't this make Prisma depend on additional shared libraries to be installed on the system? If so, it's a breaking change.

@andrew-dias andrew-dias force-pushed the feat/enable-integrated-auth-gssapi branch 3 times, most recently from c625829 to 980270d Compare August 27, 2024 04:19
@andrew-dias
Copy link
Author

Won't this make Prisma depend on additional shared libraries to be installed on the system? If so, it's a breaking change.

Yes, according to https://github.com/prisma/tiberius#integrated-authentication-trustedconnection-on-nix, on *nix:

With the integrated-auth-gssapi feature enabled, the crate requires the GSSAPI/Kerberos libraries/headers installed

I am hoping that is only required if the the user actually uses the integrated auth feature on a *nix machine, otherwise this whole thing is probably a no-go. If that is true, then I don't think it should be considered a breaking change. Unfortunately this is my first foray into Rust and Prisma so I don't know how all the pieces fit together during runtime yet.

@andrew-dias andrew-dias force-pushed the feat/enable-integrated-auth-gssapi branch from 928afbf to 8f85bed Compare August 28, 2024 15:28
@andrew-dias
Copy link
Author

@aqrln It looks like @pimeys was spending some time looking into the implications of enabling this gssapi feature on Prisma a while ago (estokes/libgssapi#1 (comment)). I would be curious to know where he or the Prisma org ended up on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support SQL Server integrated security on *nix by enabling integrated-auth-gssapi feature in tiberius
3 participants