Re: Trying to accomplish SSO from Windows

Lists: pgsql-jdbc
From: Bryan Montgomery <monty(at)english(dot)net>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Trying to accomplish SSO from Windows
Date: 2010-07-08 20:26:21
Message-ID: AANLkTinWun8RQ1Vw0JEsNXzx_HhAqGYAQj6LGTutvEG6@mail.gmail.com

Hello,
I've been looking for some examples on how to connect to a linux postgresql
database from a java client running on Windows. The Jaas seems to be getting
the credentials from my windows logon, but then the jdbc driver is blowing
up with some sun classes looking for a non-existent file.

Hopefully there is some way to resolve this issue!

Thanks - Bryan.
Java code:
try {
    Class.forName("org.postgresql.Driver");
    // GSSAPI connection; the JAAS entry "LoginJaas" supplies the Kerberos credentials
    String url = "jdbc:postgresql://host.lab2k.net/nrgdb?loglevel=2&kerberosServerName=HTTP&jaasApplicationName=LoginJaas";
    Connection con = DriverManager.getConnection(url);
} catch (Exception ex) {
    Logger.getLogger(LoginJaas.class.getName()).log(Level.SEVERE, null, ex);
}

JAAS config:
LoginJaas {
    com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache=true;
};

Output:
16:13:56.374 (1) PostgreSQL 8.4 JDBC4 (build 701)
16:13:56.374 (1) Trying to establish a protocol version 3 connection to poe3b.lab2k.net:5432
16:13:56.405 (1) FE=> StartupPacket(user=montgomeryb, database=nrgdb, client_encoding=UNICODE, DateStyle=ISO, extra_float_digits=2)
16:13:56.405 (1) <=BE AuthenticationReqGSS
Debug is true storeKey false useTicketCache true useKeyTab false
doNotPrompt false ticketCache is null isInitiator true KeyTab is null
refreshKrb5Config is false principal is null tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is Bryan@LAB2K.NET
Commit Succeeded

org.postgresql.util.PSQLException: GSS Authentication failed
at org.postgresql.gss.GssAction.run(MakeGSS.java:152)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:48)
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:378)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:108)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:22)
at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:30)
at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:393)
at org.postgresql.Driver.connect(Driver.java:267)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:207)
at javaapplication1.LoginJaas.main(LoginJaas.java:62)
SQLException: SQLState(08006)
Jul 8, 2010 4:13:56 PM javaapplication1.LoginJaas main
SEVERE: null
org.postgresql.util.PSQLException: GSS Authentication failed
at org.postgresql.gss.GssAction.run(MakeGSS.java:152)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:48)
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:378)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:108)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:22)
at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:30)
at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:393)
at org.postgresql.Driver.connect(Driver.java:267)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:207)
at javaapplication1.LoginJaas.main(LoginJaas.java:62)
Caused by: GSSException: Invalid name provided (Mechanism level: Could not load configuration file C:\WINDOWS\krb5.ini (The system cannot find the file specified))
at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:110)
at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:80)
at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:188)
at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:428)
at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:157)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:127)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:111)
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:113)
at org.postgresql.gss.GssAction.run(MakeGSS.java:93)
... 16 more
getConnection failed: org.postgresql.util.PSQLException: GSS Authentication failed


From: Kris Jurka <books(at)ejurka(dot)com>
To: Bryan Montgomery <monty(at)english(dot)net>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: Trying to accomplish SSO from Windows
Date: 2010-07-09 19:19:44
Message-ID: alpine.BSO.2.00.1007091518100.25837@leary.csoft.net

On Thu, 8 Jul 2010, Bryan Montgomery wrote:

> Hello,
> I've been looking for some examples on how to connect to a linux postgresql
> database from a java client running on Windows. The Jaas seems to be getting
> the credentials from my windows logon, but then the jdbc driver is blowing
> up with some sun classes looking for a non-existent file.
>
> Caused by: GSSException: Invalid name provided (Mechanism level: Could not
> load configuration file C:\WINDOWS\krb5.ini (The system cannot find the file
> specified))
>

It appears you need to create that file or manually specify the realm and
KDC as system properties.

http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/guide/security/jgss/tutorials/KerberosReq.html

Kris Jurka
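
Added example, not part of the original thread or of the pgjdbc project: the two options described in the reply above, either pointing the JVM at a Kerberos configuration file or setting realm and KDC as system properties, applied before the GSSAPI connection is opened. The `KRB5_INI` environment variable, the KDC host `kdc.example.invalid` and the `jaas.conf` file name are assumptions; the realm, host, database and connection parameters are the ones shown in the thread.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class KrbSsoConnect {
    // Use an explicit krb5 file if one is readable; otherwise fall back to
    // realm + KDC system properties. Java expects the two properties to be
    // set together, so a lone realm or lone KDC is rejected here up front.
    static String configureKerberos(String krb5File, String realm, String kdc) {
        if (krb5File != null && Files.isReadable(Paths.get(krb5File))) {
            System.setProperty("java.security.krb5.conf", krb5File);
            return "file";
        }
        if (realm == null || realm.isEmpty() || kdc == null || kdc.isEmpty()) {
            throw new IllegalArgumentException("realm and KDC must both be given");
        }
        System.setProperty("java.security.krb5.realm", realm);
        System.setProperty("java.security.krb5.kdc", kdc);
        return "properties";
    }

    public static void main(String[] args) throws Exception {
        // Must run before the first Kerberos/GSS call in this JVM.
        // Realm is taken from the thread; the KDC host is a placeholder and
        // KRB5_INI is a hypothetical variable naming an existing krb5.ini.
        String mode = configureKerberos(System.getenv("KRB5_INI"),
                "LAB2K.NET", "kdc.example.invalid");
        System.out.println("Kerberos settings from: " + mode);

        // File containing the LoginJaas entry shown in the first message
        // (the file name is an assumption).
        System.setProperty("java.security.auth.login.config", "jaas.conf");

        Properties p = new Properties();
        p.put("kerberosServerName", "HTTP");       // as used in the thread
        p.put("jaasApplicationName", "LoginJaas"); // JAAS entry name from the thread
        try (Connection con = DriverManager.getConnection(
                "jdbc:postgresql://host.lab2k.net/nrgdb", p)) {
            System.out.println("connected as " + con.getMetaData().getUserName());
        }
    }
}
```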


From: Bryan Montgomery <monty(at)english(dot)net>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: Trying to accomplish SSO from Windows
Date: 2010-07-09 20:28:04
Message-ID: AANLkTim4yspwbRuwE0z2Q3vi_PbDcIkb2u-tNvG7GDIp@mail.gmail.com

Thanks Kris,
That got me a step further - I have a new direction to look at next week. I
added the system properties and ended up with:

Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:130)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)

However, earlier in the output, it has:
16:17:55.852 (1) <=BE AuthenticationReqGSS
Debug is true storeKey false useTicketCache true useKeyTab false
doNotPrompt false ticketCache is null isInitiator true KeyTab is null
refreshKrb5Config is false principal is null tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is MontgomeryB@LAB2K.NET
Commit Succeeded

So it looks like it's getting credentials here .....

I did set the windows registry setting below that I found mentioned
elsewhere.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01

Any other tips for Monday will be appreciated :)

Thanks - Bryan.

On Fri, Jul 9, 2010 at 3:19 PM, Kris Jurka <books(at)ejurka(dot)com> wrote:

> On Thu, 8 Jul 2010, Bryan Montgomery wrote:
>
>> Hello,
>> I've been looking for some examples on how to connect to a linux postgresql
>> database from a java client running on Windows. The Jaas seems to be getting
>> the credentials from my windows logon, but then the jdbc driver is blowing
>> up with some sun classes looking for a non-existent file.
>>
>> Caused by: GSSException: Invalid name provided (Mechanism level: Could not
>> load configuration file C:\WINDOWS\krb5.ini (The system cannot find the file
>> specified))
>
> It appears you need to create that file or manually specify the realm and
> KDC as system properties.
>
> http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/guide/security/jgss/tutorials/KerberosReq.html
>
> Kris Jurka


From: Kris Jurka <books(at)ejurka(dot)com>
To: Bryan Montgomery <monty(at)english(dot)net>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: Trying to accomplish SSO from Windows
Date: 2010-07-09 23:30:32
Message-ID: alpine.BSO.2.00.1007091929150.4348@leary.csoft.net

On Fri, 9 Jul 2010, Bryan Montgomery wrote:

> That got me a step further - I have a new direction to look at next week. I
> added the system properties and ended up with:
>
> Caused by: GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos tgt)

I don't know anything about that error message, but a quick look at Java's
GSS troubleshooting guide has a potential solution for that exception.

http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html

Kris Jurka


From: Bryan Montgomery <monty(at)english(dot)net>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Trying to accomplish SSO from Windows
Date: 2010-07-22 17:32:08
Message-ID: AANLkTimZ5uVuWvY6ddzba9XB8TRAJ3tdcgKwcD6ZdlDr@mail.gmail.com

On Fri, Jul 9, 2010 at 7:30 PM, Kris Jurka <books(at)ejurka(dot)com> wrote:

> On Fri, 9 Jul 2010, Bryan Montgomery wrote:
>
>> That got me a step further - I have a new direction to look at next week. I
>> added the system properties and ended up with:
>>
>> Caused by: GSSException: No valid credentials provided (Mechanism level:
>> Failed to find any Kerberos tgt)
>
> I don't know anything about that error message, but a quick look at Java's
> GSS troubleshooting guide has a potential solution for that exception.
>
> http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html
>
> Kris Jurka

Hello,
From some help here and on the sun forums, I've made some progress in my
mission! I can log in to the database through psql if I have
PGKRBSRVNAME=HTTP, however I'm stuck when using JDBC. I originally was just
using montgomeryb as my user name but got an exception with that and by
trying other code found that when I didn't supply a user id, it defaulted to
the user@domain value.

Hopefully someone can help with this latest problem. I've copied the code I
execute below and the response I get:

Properties p = new Properties();
p.put("user", "MontgomeryB@LAB2K.NET");
p.put("kerberosServerName", "HTTP");
Connection conn = DriverManager.getConnection("jdbc:postgresql://poe3b.lab2k.net/"
        + "nrgdb?loglevel=2&jaasApplicationName=LoginJaas", p);

>>>KRBError:
sTime is Thu Jul 22 08:38:18 EDT 2010 1279802298000
suSec is 112913
error code is 7
error Message is Server not found in Kerberos database
realm is LAB2K.NET
sname is HTTP/172.16.118.89
msgType is 30

org.postgresql.util.PSQLException: GSS Authentication failed
at org.postgresql.gss.GssAction.run(MakeGSS.java:152)

The one thing that seems strange to me is that the server name is being
replaced by the ip address. I tried changing the host name to
HTTP/poe3b.lab2k.net but then the error had

sname is HTTP/172.16.118.89/poe3b.lab2k.net

I did find another posting that talked about the setup in Active Directory
with the user logon name and first name. I was given a screen shot that
shows the user logon name as HTTP/poe3b.lab2k.net @lab2k.net and the User
logon name (pre-Windows 2000) as poe3b.

Thanks - Bryan.