Skip site navigation (1) Skip section navigation (2)

Re: GSSAPI/KRB5 and JDBC (again)

From: "Peter Koczan" <pjkoczan(at)gmail(dot)com>
To: "Peter Koczan" <pjkoczan(at)gmail(dot)com>, pgsql-jdbc(at)postgresql(dot)org
Subject: Re: GSSAPI/KRB5 and JDBC (again)
Date: 2008-07-25 17:40:43
Message-ID: 4544e0330807251040uea445cao29adebc9afa71127@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-jdbc
On Thu, Jul 24, 2008 at 7:50 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> So you know, that generally means "wrong password".  Have you tried
> kinit'ing first?  Is it prompting you for a password?

I tried kinit, and it didn't work, but putting my real Kerberos
password in the password field worked. It looks like it's trying to
get a new set of credentials/tickets when authenticating, instead of
using stashed or readily available credentials.

This is better than nothing, but it would be very nice to not force
users to specify a password when connecting. It kinda defeats the
purpose of a single-sign-on authentication system, and I'd really
prefer not having users put their password in plaintext files, as it
seems rather insecure. At the very least, the password should be able
to be obscured or encrypted somehow in the connection, but even this
is less than ideal.

Is there any way to tell JDBC to use available KRB5/GSSAPI credentials?

> I'm *really* anxious to have GSSAPI support in JDBC and fully
> supported..  I've got it working in a test rig, but I need it working
> under Linux and Windows for a number of clients and I havn't had time to
> make sure all the issues are worked through. :/

Me too. Now I just have to get SSL working, too.

Peter

In response to

Responses

pgsql-jdbc by date

Next:From: Stephen FrostDate: 2008-07-25 22:20:21
Subject: Re: GSSAPI/KRB5 and JDBC (again)
Previous:From: Stephen FrostDate: 2008-07-25 00:50:12
Subject: Re: GSSAPI/KRB5 and JDBC (again)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group