* Peter Koczan (pjkoczan(at)gmail(dot)com) wrote:
> On Thu, Jul 24, 2008 at 7:50 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > So you know, that generally means "wrong password". Have you tried
> > kinit'ing first? Is it prompting you for a password?
> I tried kinit, and it didn't work, but putting my real Kerberos
> password in the password field worked. It looks like it's trying to
> get a new set of credentials/tickets when authenticating, instead of
> using stashed or readily available credentials.
Ah, yes, I have some recollection of that. I forget how, exactly, but I
thought that I found a way around that.
> This is better than nothing, but it would be very nice to not force
> users to specify a password when connecting. It kinda defeats the
> purpose of a single-sign-on authentication system, and I'd really
> prefer not having users put their password in plaintext files, as it
> seems rather insecure. At the very least, the password should be able
> to be obscured or encrypted somehow in the connection, but even this
> is less than ideal.
I agree 110%. It really needs to use the existing credentials, though
it's nice that this shows the basic capability working.
> Is there any way to tell JDBC to use available KRB5/GSSAPI credentials?
I'll try to find some time to test my setup again and see if I can find
a way to do that. Of course, part of the problem here will end up being
silly applications that insist on being given a username and password.
It'd be nice if those could be left blank, but even so, users will end
up being annoyed by it. :( My primary JDBC app at the moment is uDig,
in case anyone's listening. ;)
> > I'm *really* anxious to have GSSAPI support in JDBC and fully
> > supported.. I've got it working in a test rig, but I need it working
> > under Linux and Windows for a number of clients and I havn't had time to
> > make sure all the issues are worked through. :/
> Me too. Now I just have to get SSL working, too.
Please update us on how that goes. :)
In response to
pgsql-jdbc by date
|Next:||From: Feng Kelvin||Date: 2008-07-28 02:45:50|
|Subject: New to pgsql-jdbc|
|Previous:||From: Peter Koczan||Date: 2008-07-25 17:40:43|
|Subject: Re: GSSAPI/KRB5 and JDBC (again)|