Re: JDBC and GSSAPI/Krb5
| От | Peter Koczan |
|---|---|
| Тема | Re: JDBC and GSSAPI/Krb5 |
| Дата | |
| Msg-id | 4544e0330801291236u7d7384b2s262b3b07c8dffff3@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: JDBC and GSSAPI/Krb5 (Kris Jurka <books@ejurka.com>) |
| Ответы |
Re: JDBC and GSSAPI/Krb5
|
| Список | pgsql-jdbc |
> I've put up the current patch and a test jar file at: > > http://ejurka.com/pgsql/jars/gss > > At the moment it doesn't offer any of the configurability previously > discussed except for the fact that it will use the password supplied in > the connection request to try to acquire a ticket if none is cached. > > The application name for the JAAS LoginContext is "pgjdbc". > > It only support V3 protocol connections (default for 7.4+ servers). Let > me know how it works and what else you would need for production use. Where I work, we can use a simple connection string, devoid of any user or password information, to connect via psql or DBD::Pg, and Kerberos works its magic to authenticate to the database server properly. I wouldn't mind telling people that they need to specify a username with JDBC, but this behavior would mimic that of other Kerberos/GSSAPI-enabled interfaces. It's possibly something to keep in mind, but if it's too much work or not very feasible or non-JDBC-compliant, I wouldn't worry about it. However, I'm having a bit of trouble authenticating with a simple program (see below). Granted, I'm still a bit new to JDBC, so please point out any stupid mistakes, maybe I forgot a config step. I did follow the docs, but no combination of username/password would work, not even my true Kerberos password. (I can still connect via an MD5-based user account). The file: import java.sql.*; // import the JDBC import java.util.*; public class Jdbc { public static void main (String[] args) { try { Class.forName("org.postgresql.Driver"); // Load the PostgreSQL JDBC driv er // Connect to the database Properties props = new Properties(); props.setProperty("user", "koczan"); props.setProperty("password", "[password]"); // props.setProperty("ssl", "true"); // I'll get this working later Connection conn = DriverManager.getConnection("jdbc:postgresql://mitchell.cs.wisc.edu:5434/postgres", props); Statement st = conn.createStatement(); ResultSet rs = st.executeQuery("select datname from pg_database order by 1"); while (rs.next()) { System.out.print("Database name returned: "); System.out.println(rs.getString(1)); } rs.close(); st.close(); } catch (Throwable ex) { System.err.println("Uncaught exception in main..."); ex.printStackTrace(); } } } The output was: $ export CLASSPATH=/s/postgresql-8.3-beta/src/postgresql-jdbc-8.3dev-601.src/jars/postgresql-8.3dev-gss.jdbc3g.jar $ javac Jdbc.Java $ java Jdbc Uncaught exception in main... org.postgresql.util.PSQLException: GSS Authentication failed at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:36) at org.postgresql.Driver.makeGSS(Driver.java:775) at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:373) at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:98) at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66) at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:124) at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30) at org.postgresql.jdbc3g.Jdbc3gConnection.<init>(Jdbc3gConnection.java:24) at org.postgresql.Driver.makeConnection(Driver.java:386) at org.postgresql.Driver.connect(Driver.java:260) at java.sql.DriverManager.getConnection(DriverManager.java:525) at java.sql.DriverManager.getConnection(DriverManager.java:140) at Jdbc.main(Jdbc.java:16) Caused by: java.lang.SecurityException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:494) at java.lang.Class.newInstance0(Class.java:350) at java.lang.Class.newInstance(Class.java:303) at javax.security.auth.login.Configuration$3.run(Configuration.java:216) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210) at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.init(LoginContext.java:234) at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403) at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:29) ... 12 more Caused by: java.io.IOException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206) at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95) ... 26 more I expected: $ java Jdbc Database name returned: postgres Database name returned: template0 Database name returned: template1
В списке pgsql-jdbc по дате отправления: