Trying to accomplish SSO from Windows

On Fri, Jul 9, 2010 at 7:30 PM, Kris Jurka <books(at)ejurka(dot)com> wrote:

>
>
> On Fri, 9 Jul 2010, Bryan Montgomery wrote:
>
> That got me a step further - I have a new direction to look at next week.
>> I
>> added the system properties and ended up with:
>>
>> Caused by: GSSException: No valid credentials provided (Mechanism level:
>> Failed to find any Kerberos tgt)
>>
>
> I don't know anything about that error message, but a quick look at Java's
> GSS troubleshooting guide has a potential solution for that exception.
>
>
> http://download.oracle.com/docs/cd/E17476_01/javase/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html
>
> Kris Jurka
>
Hello,
>From some help here and on the sun forums, I've made some progress in my
mission! I can log in to the database through psql if I have
PGKRBSRVNAME=HTTP, however I'm stuck when using JDBC. I originally was just
using montgomeryb as my user name but got an exception with that and by
trying other code found that when I didn't supply a user id, it defaulted to
the user(at)domain value.

Hopefully someone can help with this latest problem. I've copied the code I
execute below and the response I get:

Properties p = new Properties();
p.put("user","MontgomeryB(at)LAB2K(dot)NET");
p.put("kerberosServerName","HTTP");
Connection conn = DriverManager.getConnection("jdbc:postgresql://
poe3b.lab2k.net/"
+ "nrgdb?loglevel=2&jaasApplicationName=LoginJaas", p);

>>>KRBError:
sTime is Thu Jul 22 08:38:18 EDT 2010 1279802298000
suSec is 112913
error code is 7
error Message is Server not found in Kerberos database
realm is LAB2K.NET
sname is HTTP/172.16.118.89
msgType is 30

org.postgresql.util.PSQLException: GSS Authentication failed
at org.postgresql.gss.GssAction.run(MakeGSS.java:152)

The one thing that seems strange to me is that the server name is being
replaced by the ip address. I tried changing the host name to HTTP/
poe3b.lab2k.net but then the error had

sname is HTTP/172.16.118.89/poe3b.lab2k.net

I did find another posting that talked about the setup in Active Directory
with the user logon name and first name. I was given a screen shot that
shows the user logon name as HTTP/poe3b.lab2k.net @lab2k.net and the User
logonname(pre-windows 2000) as poe3b.

Thanks - Byan.