I get the following exception when trying to establish a KERBEROS connection using JTDS:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/Users/../KerberosConfDir/app1.keytab refreshKrb5Config is false principal is http/domainusername.foo.com tryFirstPass is false useFirstPass is false storePass is false clearPass is false
[Krb5LoginModule] authentication failed
Pre-authentication information was invalid (24)
java.sql.SQLException: I/O Error: GSS Failed: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:654)
at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
at JDBCKerberosTest.main(JDBCKerberosTest.java:85)
Caused by: java.io.IOException: GSS Failed: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
at net.sourceforge.jtds.jdbc.TdsCore.sendMSLoginPkt(TdsCore.java:1976)
at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:617)
... 3 more
This is the code I wrote:
try {
    String filePath = System.getProperty("user.dir") + File.separator + "KerberosConfDir";
    Driver d = (Driver)Class.forName("net.sourceforge.jtds.jdbc.Driver").newInstance();
    System.setProperty("java.security.krb5.debug", "true");
    System.setProperty("java.security.auth.login.config", filePath+File.separator+"login.conf");
    System.setProperty("java.security.krb5.conf", filePath+File.separator+"krb5.ini");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    Properties dbConProp = new Properties();
    dbConProp.setProperty("user",user);
    dbConProp.setProperty("password",pwd);
    String connectionUrl = "jdbc:jtds:sqlserver://"+hostName+":"+port+"/master;instance="+instanceName+";domain="+mydomain+";useNTLMv2=true;useKerberos=true;";
    con = d.connect(connectionUrl, dbConProp);
    rs = con.createStatement().executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");
    if(rs.next()) {
        System.out.println("auth_scheme : "+rs.getString("auth_scheme"));
        if(rs.getString("auth_scheme").equalsIgnoreCase("KERBEROS")) {
            System.out.println("%%%%%%%%%%%%%%%%%%%%%% JTDS : KERBEROS Connection successful %%%%%%%%%%%%%%%%%%%%%%");
        } else {
            System.out.println("%%%%%%%%%%%%%%%%%%%%%% JTDS : KERBEROS Connection failed %%%%%%%%%%%%%%%%%%%%%%");
        }
    }
} catch (Exception exp) {
    exp.printStackTrace();
} finally {
    try {
        if(rs != null) {
            rs.close();
        }
    } catch(Exception e) {
        e.printStackTrace();
    }
    try {
        if(con != null) {
            con.close();
        }
    } catch(Exception e) {
        e.printStackTrace();
    }
}
My login.conf configuration is shown below:
com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=false
    doNotPrompt=true
    useKeyTab=true
    keyTab="../KerberosConfDir/app1.keyTab"
    principal="domainusername@FOO.COM"
    storeKey=true
    debug=true;
};
My krb5.ini is shown below:
[libdefaults]
default_realm = FOO.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 1s
forwardable = yes
#udp_preference_limit = 1
[realms]
FOO.COM = {
kdc = KDC_HOST.FOO.COM
default_domain = FOO.COM
}
[domain_realm]
.FOO.COM = FOO.COM
[login]
krb4_convert = true
krb4_get_tickets = false
My SQLJDBCDriver.conf is shown below:
SQLJDBCDriver {
    com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true doNotPrompt=true;
};
The keytab file was created as shown below:
ktpass /out app1.keytab /princ http/domainusername.foo.com@foo.com /mapuser domainusername /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass domainuserpassword
Can anyone help me with this issue?