java - Error connecting to PostgreSQL 9.4 with MIT Kerberos via JDBC vs CLI


I have set up PostgreSQL 9.4 with MIT Kerberos 5 and can connect on the CLI using psql. After filing off the fingerprints, the principal is bgiles/postgres@realm, and pg_hba.conf has

host                            0.0.0.0/0        gss include_realm=1 map=gss krb_realm=realm 

and the pg_ident.conf file has

gss     /^(.*)/postgres@realm$ \1 

I created the principal, saved the keytab, and, if I run

$ kinit -k -t krb5.keytab bgiles/postgres 

I can connect to the PostgreSQL server 'kpg'. This proves that Kerberos and the keytab are set up properly.

$ psql -h kpg dbname (connection information...) 

However, when I use the same keytab to connect via JDBC, I get a GSS authentication error due to PostgreSQL refusing to perform the mapping.

2016-04-20 00:13:16 utc [18919-1] bgiles/postgres@bgiles log:  no match in usermap "gss" user "bgiles/postgres" authenticated "bgiles/postgres@realm"
2016-04-20 00:13:16 utc [18919-2] bgiles/postgres@bgiles fatal:  gssapi authentication failed user "bgiles/postgres"
2016-04-20 00:13:16 utc [18919-3] bgiles/postgres@bgiles detail:  connection matched pg_hba.conf line 100: "host            75.144.16.201/32    gss include_realm=1 map=gss krb_realm=realm"

(I noticed the @bgiles and suspect it is the key to the problem, but I am totally stumped by it.)

The test code is

import java.net.URL;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

import org.junit.Test;

public class KerberosPostgresqlTest {

    static {
        // Point JAAS at the login configuration on the classpath; name the realm and KDC.
        URL url = Thread.currentThread().getContextClassLoader().getResource("jaas.conf");
        System.setProperty("java.security.auth.login.config", url.toExternalForm());
        System.setProperty("java.security.krb5.realm", "realm");
        System.setProperty("java.security.krb5.kdc", "kdc");
    }

    @Test
    public void test() throws Exception {
        String url = "jdbc:postgresql://kpg/bgiles";
        String user = "bgiles/postgres";

        Properties connInfo = new Properties();
        connInfo.put("user", user);
        connInfo.put("jaasApplicationName", "pgjdbc");

        try (Connection conn = DriverManager.getConnection(url, connInfo)) {
            // Opening the connection is the whole test.
        }
    }
}

And the JAAS configuration file is

pgjdbc {
    com.sun.security.auth.module.Krb5LoginModule required
    refreshKrb5Config=true
    doNotPrompt=true
    useTicketCache=true
    renewTGT=false
    useKeyTab=true
    keyTab="/tmp/krb5.keytab"
    debug=true
    client=true
    principal="bgiles/postgres"
    ;
};

The PostgreSQL database recognizes this as a valid Kerberos connection attempt. It's balking at the final step, where it maps the Kerberos principal to the PostgreSQL user ID. Somehow the Java/JAAS/JDBC code is mangling it, and what works on the CLI does not work via JDBC.

I have used countless variants of the boolean flags and adding or removing @realm, and have found many ways to prevent GSS authentication from happening at all, but nothing lets me connect to the server.

Any ideas? It is a difference in the Java/JAAS/JDBC code, but I can't understand how it can be a mangled principal that's still accepted by the KDC. TGT issues?

Thanks,

Bear
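
The log line in the question names two values: the requested database user and the authenticated principal. As an added example (not part of the original post, and a simplified Python model rather than PostgreSQL's own code), this evaluates the question's pg_ident.conf line the way a usermap check does: apply the regular expression to the authenticated name, substitute `\1`, and compare the result with the requested role. The role name `bgiles` in the second request is an assumption.

```python
import re

# Constructed from the page: its pg_ident.conf line and the principal in the log.
IDENT_LINES = [r"gss /^(.*)/postgres@realm$ \1"]
PRINCIPAL = "bgiles/postgres@realm"


def gss_system_user(principal, include_realm):
    """Name handed to the usermap: the full principal, or the realm stripped."""
    return principal if include_realm else principal.split("@", 1)[0]


def mapped_role(pattern, role, system_user):
    """Role one map line yields for system_user, or None if it does not apply."""
    if not pattern.startswith("/"):
        return role if pattern == system_user else None
    # A leading slash marks the rest of the field as a regular expression.
    match = re.search(pattern[1:], system_user)
    if match is None:
        return None
    if "\\1" in role and match.lastindex:
        return role.replace("\\1", match.group(1), 1)
    return role


def usermap_allows(ident_lines, map_name, system_user, requested_role):
    """True when some line of map_name maps system_user to requested_role."""
    for line in ident_lines:
        name, pattern, role = line.split()
        if name == map_name and mapped_role(pattern, role, system_user) == requested_role:
            return True
    return False


if __name__ == "__main__":
    system_user = gss_system_user(PRINCIPAL, include_realm=True)
    # "bgiles/postgres" is the JDBC user property; "bgiles" is an assumed role name.
    for requested in ("bgiles/postgres", "bgiles"):
        ok = usermap_allows(IDENT_LINES, "gss", system_user, requested)
        print(f"requested role {requested!r}: {'match' if ok else 'no match in usermap'}")
```

With `include_realm=1` the map sees the full principal, so the regular expression matches and yields `bgiles`; a request for any other role name produces the "no match in usermap" entry.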

