#sql-server #java-8 #kerberos #windows-authentication #jtds
Question:
When trying to establish a KERBEROS connection using JTDS, I get the following exception:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/Users/../KerberosConfDir/app1.keytab refreshKrb5Config is false principal is http/domainusername.foo.com tryFirstPass is false useFirstPass is false storePass is false clearPass is false
[Krb5LoginModule] authentication failed
Pre-authentication information was invalid (24)
java.sql.SQLException: I/O Error: GSS Failed: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
    at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:654)
    at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
    at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
    at JDBCKerberosTest.main(JDBCKerberosTest.java:85)
Caused by: java.io.IOException: GSS Failed: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
    at net.sourceforge.jtds.jdbc.TdsCore.sendMSLoginPkt(TdsCore.java:1976)
    at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:617)
    ... 3 more
This is the code I wrote:
// Imports needed by this fragment (they go at the top of JDBCKerberosTest.java).
import java.io.File;
import java.sql.Connection;
import java.sql.Driver;
import java.sql.ResultSet;
import java.util.Properties;

// user, pwd, hostName, port, instanceName and mydomain are defined elsewhere in the class.
Connection con = null;
ResultSet rs = null;
try {
    // Directory holding login.conf, krb5.ini and the keytab.
    String filePath = System.getProperty("user.dir") + File.separator + "KerberosConfDir";
    Driver d = (Driver) Class.forName("net.sourceforge.jtds.jdbc.Driver").newInstance();
    // Point the JVM at the JAAS and Kerberos configuration files and enable Kerberos debug output.
    System.setProperty("java.security.krb5.debug", "true");
    System.setProperty("java.security.auth.login.config", filePath + File.separator + "login.conf");
    System.setProperty("java.security.krb5.conf", filePath + File.separator + "krb5.ini");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    Properties dbConProp = new Properties();
    dbConProp.setProperty("user", user);
    dbConProp.setProperty("password", pwd);
    String connectionUrl = "jdbc:jtds:sqlserver://" + hostName + ":" + port + "/master;instance=" + instanceName + ";domain=" + mydomain + ";useNTLMv2=true;useKerberos=true;";
    con = d.connect(connectionUrl, dbConProp);
    // Ask SQL Server which authentication scheme this session actually negotiated.
    rs = con.createStatement().executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");
    if (rs.next()) {
        System.out.println("auth_scheme : " + rs.getString("auth_scheme"));
        if (rs.getString("auth_scheme").equalsIgnoreCase("KERBEROS")) {
            System.out.println("%%%%%%%%%%%%%%%%%%%%%% JTDS : KERBEROS Connection successful %%%%%%%%%%%%%%%%%%%%%%");
        } else {
            System.out.println("%%%%%%%%%%%%%%%%%%%%%% JTDS : KERBEROS Connection failed %%%%%%%%%%%%%%%%%%%%%%");
        }
    }
} catch (Exception exp) {
    exp.printStackTrace();
} finally {
    // Close the result set and the connection independently so one failure does not skip the other.
    try {
        if (rs != null) {
            rs.close();
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    try {
        if (con != null) {
            con.close();
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}
My login.conf configuration is as follows:
com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=false
    doNotPrompt=true
    useKeyTab=true
    keyTab="../KerberosConfDir/app1.keyTab"
    principal="domainusername@FOO.COM"
    storeKey=true
    debug=true
};
My krb5.ini is as follows:
[libdefaults]
    default_realm = FOO.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 1s
    forwardable = yes
    #udp_preference_limit = 1

[realms]
    FOO.COM = {
        kdc = KDC_HOST.FOO.COM
        default_domain = FOO.COM
    }

[domain_realm]
    .FOO.COM = FOO.COM

[login]
    krb4_convert = true
    krb4_get_tickets = false
My SQLJDBCDriver.conf is as follows:
SQLJDBCDriver {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=true
    doNotPrompt=true;
};
I created the keyTab file as follows:
ktpass /out app1.keytab /princ http/domainusername.foo.com@foo.com /mapuser domainusername /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass domainuserpassword
Can anyone help me with this problem?
Comments:
1. Hi, is there any news on my thread above?