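Using this example, I almost got my connection working:
http://blogs.nologin.es/rickyepoderi/index.php?/archives/105-Oracle-Driver-and-Kerberos.html
But after enabling the Kerberos cache and debugging, with my principal name obtained correctly and the credentials successful, I get an error related to the ticket.
The ticket is generated with okinit (Oracle's kinit from Oracle 12).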
Exception in thread "main" java.sql.SQLRecoverableException: Error de E/S: The service in process is not supported. Failure unspecified at GSS-API level (Mechanism level: Generic error (description in e-text) (60) - ASN.1 unexpected field number)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:743)
    at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566)
    at java.sql.DriverManager.getConnection(DriverManager.java:571)
    at java.sql.DriverManager.getConnection(DriverManager.java:187)
    at JdbcThin.main(JdbcThin.java:39)
Caused by: oracle.net.ns.NetException: The service in process is not supported. Failure unspecified at GSS-API level (Mechanism level: Generic error (description in e-text) (60) - ASN.1 unexpected field number)
    at oracle.net.ano.AuthenticationService.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:415)
    at oracle.net.ano.AuthenticationService.e(Unknown Source)
    at oracle.net.ano.Ano.negotiation(Unknown Source)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:293)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
    ... 6 more
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Generic error (description in e-text) (60) - ASN.1 unexpected field number)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:710)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
    ... 14 more
Caused by: KrbException: Generic error (description in e-text) (60) - ASN.1 unexpected field number
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:126)
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:102)
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:75)
    at sun.security.jgss.krb5.AcceptSecContextToken.<init>(AcceptSecContextToken.java:89)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:696)
    ... 16 more
Caused by: KrbException: Identifier doesn't match expected value (906)
    at sun.security.krb5.internal.APRep.init(APRep.java:92)
    at sun.security.krb5.internal.APRep.<init>(APRep.java:75)
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:116)
    ... 20 more
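I am using Java 7, but using another version is not a problem. Is there a way to read the ticket correctly with the JVM? (Note that the JDK's kinit does not create a correct ticket either.)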
Answer 0 (score: 0)
I am sharing this code, which has been working for me. Have you set the location of the Kerberos cache file?
import java.sql.Connection;
import java.util.Properties;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.OracleDriver;
import oracle.net.ano.AnoServices;

public class KerberosThinExample {
    public static void main(String[] args) throws Exception {
        // Placeholder JDBC URL: replace host, port and service name with your own.
        String url = "jdbc:oracle:thin:@//dbhost.example.com:1521/service_name";

        OracleDriver driver = new OracleDriver();
        Properties prop = new Properties();
        // Ask the thin driver to authenticate with Kerberos 5.
        prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,
            "(" + AnoServices.AUTHENTICATION_KERBEROS5 + ")");
        // Require mutual authentication, so the server must also prove its identity.
        prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL,
            "true");
        /* If you get the following error [Unable to obtain Principal Name for
         * authentication] although you know that you have the right TGT in your
         * credential cache, then it's probably because the JVM can't locate your
         * cache.
         * For example, here my credential cache is
         * C:\Documents and Settings\Jean de Lavarene\krb5cc
         * because when I run klist I get the following:
         * > ./klist
         * Ticket cache: FILE:C:\Documents and Settings\Jean de Lavarene\krb5cc
         * Default principal: client@US.ORACLE.COM
         *
         * Valid starting     Expires            Service principal
         * 06/21/16 13:23:02  06/21/16 23:23:02  krbtgt/US.ORACLE.COM@US.ORACLE.COM
         *         renew until 06/21/16 13:23:02
         * This isn't the default location, so I need to provide the location. Note
         * that the default location on windows is "C:\Documents and Settings\krb5cc_username".
         */
        prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME,
            "C:\\Documents and Settings\\Jean de Lavarene\\krb5cc");
        Connection conn = driver.connect(url, prop);
        // Print the authentication adaptor the session actually negotiated.
        String auth = ((OracleConnection) conn).getAuthenticationAdaptorName();
        System.out.println("Authentication adaptor=" + auth);
        conn.close();
    }
}
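
The comment in the answer's code points at the JVM failing to locate the credential cache. As an added example (not part of the original answer), this stand-alone Java 7 check takes a cache name as klist prints it, confirms the file exists and is readable, warns if other users can read the tickets, and verifies the header of a file-based ccache. The class name CcachePreflight and the KRB5CCNAME fallback are assumptions of this example.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

// Added example (not from the answer): checks a FILE credential cache before connecting.
public class CcachePreflight {

    // Strips the "FILE:" prefix that klist prints; rejects non-file cache types.
    static Path resolve(String name) {
        if (name == null || name.isEmpty())
            throw new IllegalArgumentException("no credential cache name given");
        if (name.regionMatches(true, 0, "FILE:", 0, 5))
            return Paths.get(name.substring(5));
        if (name.matches("[A-Za-z]{2,}:.*")) // KEYRING:, KCM:, API: ... (a drive letter is one char)
            throw new IllegalArgumentException("not a FILE cache: " + name);
        return Paths.get(name);
    }

    // Returns the ccache format version (1-4), or throws saying why the file is unusable.
    static int check(Path cache) throws IOException {
        if (!Files.isRegularFile(cache))
            throw new IOException("credential cache not found: " + cache);
        if (!Files.isReadable(cache))
            throw new IOException("credential cache not readable: " + cache);
        if (cache.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            Set<PosixFilePermission> p = Files.getPosixFilePermissions(cache);
            if (p.contains(PosixFilePermission.GROUP_READ) || p.contains(PosixFilePermission.OTHERS_READ))
                System.err.println("warning: tickets in " + cache + " are readable by other users");
        }
        try (DataInputStream in = new DataInputStream(Files.newInputStream(cache))) {
            int magic = in.readUnsignedByte();   // file ccaches start with 0x05
            int version = in.readUnsignedByte(); // followed by the format version, 0x01..0x04
            if (magic != 5 || version < 1 || version > 4)
                throw new IOException(String.format("no ccache header (%02x %02x): %s", magic, version, cache));
            return version;
        }
    }

    public static void main(String[] args) throws IOException {
        // Assumption: the cache name is given as an argument or in KRB5CCNAME.
        String name = args.length > 0 ? args[0] : System.getenv("KRB5CCNAME");
        Path cache = resolve(name);
        System.out.println("format version " + check(cache) + ": " + cache.toAbsolutePath());
        // cache.toString() is the value to set for ..._KRB5_CC_NAME in the answer's code.
    }
}
```

A pass here only shows that the file is where the driver is told to look and has a ccache header; it does not validate the tickets inside it.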