Re: JDBC and GSSAPI/Krb5

> I've put up the current patch and a test jar file at:
>
> http://ejurka.com/pgsql/jars/gss
>
> At the moment it doesn't offer any of the configurability previously
> discussed except for the fact that it will use the password supplied in
> the connection request to try to acquire a ticket if none is cached.
>
> The application name for the JAAS LoginContext is "pgjdbc".
>
> It only support V3 protocol connections (default for 7.4+ servers). Let
> me know how it works and what else you would need for production use.

Where I work, we can use a simple connection string, devoid of any
user or password information, to connect via psql or DBD::Pg, and
Kerberos works its magic to authenticate to the database server
properly. I wouldn't mind telling people that they need to specify a
username with JDBC, but this behavior would mimic that of other
Kerberos/GSSAPI-enabled interfaces. It's possibly something to keep in
mind, but if it's too much work or not very feasible or
non-JDBC-compliant, I wouldn't worry about it.

However, I'm having a bit of trouble authenticating with a simple
program (see below). Granted, I'm still a bit new to JDBC, so please
point out any stupid mistakes, maybe I forgot a config step. I did
follow the docs, but no combination of username/password would work,
not even my true Kerberos password. (I can still connect via an
MD5-based user account).

The file:

import java.sql.*; // import the JDBC
import java.util.*;

public class Jdbc {
public static void main (String[] args) {
try {
Class.forName("org.postgresql.Driver"); // Load the PostgreSQL JDBC driv
er

// Connect to the database
Properties props = new Properties();
props.setProperty("user", "koczan");
props.setProperty("password", "[password]");
// props.setProperty("ssl", "true"); // I'll get this working later
Connection conn =
DriverManager.getConnection("jdbc:postgresql://mitchell.cs.wisc.edu:5434/postgres",
props);

Statement st = conn.createStatement();
ResultSet rs = st.executeQuery("select datname from
pg_database order by 1");
while (rs.next()) {
System.out.print("Database name returned: ");
System.out.println(rs.getString(1));
}
rs.close();
st.close();

} catch (Throwable ex) {
System.err.println("Uncaught exception in main...");
ex.printStackTrace();
}
}
}

The output was:
$ export CLASSPATH=/s/postgresql-8.3-beta/src/postgresql-jdbc-8.3dev-601.src/jars/postgresql-8.3dev-gss.jdbc3g.jar
$ javac Jdbc.Java
$ java Jdbc
Uncaught exception in main...
org.postgresql.util.PSQLException: GSS Authentication failed
at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:36)
at org.postgresql.Driver.makeGSS(Driver.java:775)
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:373)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:98)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:124)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
at org.postgresql.jdbc3g.Jdbc3gConnection.<init>(Jdbc3gConnection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:386)
at org.postgresql.Driver.connect(Driver.java:260)
at java.sql.DriverManager.getConnection(DriverManager.java:525)
at java.sql.DriverManager.getConnection(DriverManager.java:140)
at Jdbc.main(Jdbc.java:16)
Caused by: java.lang.SecurityException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:29)
... 12 more
Caused by: java.io.IOException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
... 26 more

I expected:

$ java Jdbc
Database name returned: postgres
Database name returned: template0
Database name returned: template1