| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Peter Koczan <pjkoczan(at)gmail(dot)com> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: GSSAPI/KRB5 and JDBC (again) |
| Date: | 2008-07-25 22:20:21 |
| Message-ID: | 20080725222021.GE16005@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
* Peter Koczan (pjkoczan(at)gmail(dot)com) wrote:
> On Thu, Jul 24, 2008 at 7:50 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > So you know, that generally means "wrong password". Have you tried
> > kinit'ing first? Is it prompting you for a password?
>
> I tried kinit, and it didn't work, but putting my real Kerberos
> password in the password field worked. It looks like it's trying to
> get a new set of credentials/tickets when authenticating, instead of
> using stashed or readily available credentials.
Ah, yes, I have some recollection of that. I forget how, exactly, but I
thought that I found a way around that.
> This is better than nothing, but it would be very nice to not force
> users to specify a password when connecting. It kinda defeats the
> purpose of a single-sign-on authentication system, and I'd really
> prefer not having users put their password in plaintext files, as it
> seems rather insecure. At the very least, the password should be able
> to be obscured or encrypted somehow in the connection, but even this
> is less than ideal.
I agree 110%. It really needs to use the existing credentials, though
it's nice that this shows the basic capability working.
> Is there any way to tell JDBC to use available KRB5/GSSAPI credentials?
I'll try to find some time to test my setup again and see if I can find
a way to do that. Of course, part of the problem here will end up being
silly applications that insist on being given a username and password.
It'd be nice if those could be left blank, but even so, users will end
up being annoyed by it. :( My primary JDBC app at the moment is uDig,
in case anyone's listening. ;)
> > I'm *really* anxious to have GSSAPI support in JDBC and fully
> > supported.. I've got it working in a test rig, but I need it working
> > under Linux and Windows for a number of clients and I havn't had time to
> > make sure all the issues are worked through. :/
>
> Me too. Now I just have to get SSL working, too.
Please update us on how that goes. :)
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Feng Kelvin | 2008-07-28 02:45:50 | New to pgsql-jdbc |
| Previous Message | Peter Koczan | 2008-07-25 17:40:43 | Re: GSSAPI/KRB5 and JDBC (again) |