面对kerberos使用JDBC进行身份验证的问题

时间:2017-10-10 14:11:35

标签: java oracle jdbc kerberos

在Ubuntu中使用JDBC使用Kerberos身份验证尝试连接到Oracle时,我面临以下异常。

java.sql.SQLException: The service in process is not supported. Unable to obtain Principal Name for authentication
    at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:70)
    at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:199)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:480)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:413)
    at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:508)
    at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:203)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:208)
    at talendtest.tbillingops_0_1.tBillingOPS.tOracleConnection_1Process(tBillingOPS.java:614)
    at talendtest.tbillingops_0_1.tBillingOPS.runJobInTOS(tBillingOPS.java:6515)
    at talendtest.tbillingops_0_1.tBillingOPS.main(tBillingOPS.java:6333)
Caused by: oracle.net.ns.NetException: The service in process is not supported. Unable to obtain Principal Name for authentication
    at oracle.net.ano.AuthenticationService.h(Unknown Source)
    at oracle.net.ano.Ano.negotiation(Unknown Source)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:405)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:966)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:292)
    ... 9 more

Output of klist:
pagupta@xxxxxxxxx:~/> klist
Ticket cache: FILE:/tmp/krb5cc_8483390
Default principal: xxxxxx@yyy.zzzzzz.NET
Valid starting     Expires            Service principal
10/10/17 13:28:23  10/10/17 23:28:23  krbtgt/xxxx.yyyyyyy.zzz@xx.yyy.NET
    renew until 10/11/17 13:28:23
Kerberos 4 ticket cache: /tmp/tkt8483390
klist: You have no tickets cached

以下是我的代码段:

java.util.Properties prop = new java.util.Properties();
prop.setProperty(oracle.jdbc.OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,"("+oracle.net.ano.AnoServices.AUTHENTICATION_KERBEROS5+")");
prop.setProperty(oracle.jdbc.OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL,"true");
 prop.setProperty(oracle.jdbc.OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME,"/tmp/krb5cc_8483390");
System.setProperty("java.security.krb5.conf","/home/pagupta/krb5.conf");
String url_tOracleConnection_1 = "jdbc:oracle:thin:@(description=(address=(protocol=tcp)(host="+ context.DB_HOST+ ")(port="+ context.DB_PORT+ "))(connect_data=(service_name="+ context.DB_SRV+ ")))";
java.sql.DriverManager.registerDriver(new oracle.jdbc.OracleDriver());
oracle.jdbc.OracleDriver dri= new oracle.jdbc.OracleDriver();
conn_tOracleConnection_1 = java.sql.DriverManager.getConnection(url_tOracleConnection_1,prop);
System.out.print("Connected");

任何人都可以帮助我解决问题,这将是一个很大的帮助。

1 个答案:

答案 0 :(得分:0)

您必须在服务器端启用Kerberos。例如:

SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=kservice

More info at this location (Database Administration Guide)