I get the following exception when trying to establish a KERBEROS connection using JTDS:
    Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/Users/../KerberosConfDir/app1.keytab refreshKrb5Config is false principal is http/domainusername.foo.com tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    [Krb5LoginModule] authentication failed
    Pre-authentication information was invalid (24)
    java.sql.SQLException: I/O Error: GSS Failed: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
        at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:654)
        at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
        at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
        at JDBCKerberosTest.main(JDBCKerberosTest.java:85)
    Caused by: java.io.IOException: GSS Failed: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
        at net.sourceforge.jtds.jdbc.TdsCore.sendMSLoginPkt(TdsCore.java:1976)
        at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:617)
        ... 3 more
Here is the code I wrote:
    try {
        String filePath = System.getProperty("user.dir") + File.separator + "KerberosConfDir";
        Driver d = (Driver)Class.forName("net.sourceforge.jtds.jdbc.Driver").newInstance();
        System.setProperty("java.security.krb5.debug", "true");
        System.setProperty("java.security.auth.login.config", filePath+File.separator+"login.conf");
        System.setProperty("java.security.krb5.conf", filePath+File.separator+"krb5.ini");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        Properties dbConProp = new Properties();
        dbConProp.setProperty("user",user);
        dbConProp.setProperty("password",pwd);
        String connectionUrl = "jdbc:jtds:sqlserver://"+hostName+":"+port+"/master;instance="+instanceName+";domain="+mydomain+";useNTLMv2=true;useKerberos=true;";
        con = d.connect(connectionUrl, dbConProp);
        rs = con.createStatement().executeQuery("select auth_scheme from sys.dm_exec_connections where session_id=@@spid");
        if(rs.next()) {
            System.out.println("auth_scheme : "+rs.getString("auth_scheme"));
            if(rs.getString("auth_scheme").equalsIgnoreCase("KERBEROS")) {
                System.out.println("%%%%%%%%%%%%%%%%%%%%%% JTDS : KERBEROS Connection successful %%%%%%%%%%%%%%%%%%%%%%");
            } else {
                System.out.println("%%%%%%%%%%%%%%%%%%%%%% JTDS : KERBEROS Connection failed %%%%%%%%%%%%%%%%%%%%%%");
            }
        }
    } catch (Exception exp) {
        exp.printStackTrace();
    } finally {
        try {
            if(rs != null) {
                rs.close();
            }
        } catch(Exception e) {
            e.printStackTrace();
        }
        try {
            if(con != null) {
                con.close();
            }
        } catch(Exception e) {
            e.printStackTrace();
        }
    }
My login.conf is configured as follows:
    com.sun.security.jgss.krb5.initiate {
        com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=false
        doNotPrompt=true
        useKeyTab=true
        keyTab="../KerberosConfDir/app1.keyTab"
        principal="domainusername@FOO.COM"
        storeKey=true
        debug=true;
    };
My krb5.ini is as follows:
    [libdefaults]
    default_realm = FOO.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 1s
    forwardable = yes
    #udp_preference_limit = 1

    [realms]
    FOO.COM = {
        kdc = KDC_HOST.FOO.COM
        default_domain = FOO.COM
    }

    [domain_realm]
    .FOO.COM = FOO.COM

    [login]
    krb4_convert = true
    krb4_get_tickets = false
My SQLJDBCDriver.conf is as follows:
    SQLJDBCDriver {
        com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=true
        doNotPrompt=true;
    };
The keyTab file was created as follows:
    ktpass /out app1.keytab /princ http/domainusername.foo.com@foo.com /mapuser domainusername /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass domainuserpassword
Can someone help me resolve this issue?
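The debug output in the post shows the failure inside Krb5LoginModule (KDC error 24), so the keytab login can be exercised on its own, without the jTDS driver. The following is an added example, not code from the original post: the class name `KeytabLoginCheck` and its two command-line arguments (keytab path, principal name) are assumptions. It lists the keys the keytab holds for the exact principal name given, then attempts the same keytab-based JAAS login with the options from login.conf supplied in memory.

```java
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical helper (not from the post). Run with
// -Djava.security.krb5.conf=<path to krb5.ini>; args: <keytab path> <principal>.
public class KeytabLoginCheck {
    public static void main(String[] args) {
        // Step 1: keys stored in the keytab under this exact principal name.
        KerberosKey[] keys = KeyTab.getInstance(new File(args[0]))
                .getKeys(new KerberosPrincipal(args[1]));
        System.out.println(keys.length + " key(s) in keytab for " + args[1]);
        for (KerberosKey k : keys) {
            System.out.println("  kvno=" + k.getVersionNumber() + " etype=" + k.getKeyType());
        }
        // Step 2: keytab login with the same Krb5LoginModule options as
        // login.conf, built in memory so no JAAS file is involved.
        final Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("keyTab", args[0]);
        opts.put("principal", args[1]);
        opts.put("storeKey", "true");
        opts.put("doNotPrompt", "true");
        Configuration conf = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        try {
            LoginContext lc = new LoginContext("keytab-check", new Subject(), null, conf);
            lc.login();
            System.out.println("TGT obtained: " + lc.getSubject().getPrincipals());
            lc.logout();
        } catch (LoginException e) {
            System.out.println("keytab login failed: " + e.getMessage());
        }
    }
}
```

A count of zero keys in step 1 means the keytab has no entry under the name passed in; a failure in step 2 with keys present means the KDC did not accept the key stored for that principal.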