| From: | "Peter Koczan" <pjkoczan(at)gmail(dot)com> |
|---|---|
| To: | "Peter Koczan" <pjkoczan(at)gmail(dot)com>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: GSSAPI/KRB5 and JDBC (again) |
| Date: | 2008-07-25 17:40:43 |
| Message-ID: | 4544e0330807251040uea445cao29adebc9afa71127@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Thu, Jul 24, 2008 at 7:50 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> So you know, that generally means "wrong password". Have you tried
> kinit'ing first? Is it prompting you for a password?
I tried kinit, and it didn't work, but putting my real Kerberos
password in the password field worked. It looks like it's trying to
get a new set of credentials/tickets when authenticating, instead of
using stashed or readily available credentials.
This is better than nothing, but it would be very nice to not force
users to specify a password when connecting. It kinda defeats the
purpose of a single-sign-on authentication system, and I'd really
prefer not having users put their password in plaintext files, as it
seems rather insecure. At the very least, the password should be able
to be obscured or encrypted somehow in the connection, but even this
is less than ideal.
Is there any way to tell JDBC to use available KRB5/GSSAPI credentials?
> I'm *really* anxious to have GSSAPI support in JDBC and fully
> supported.. I've got it working in a test rig, but I need it working
> under Linux and Windows for a number of clients and I havn't had time to
> make sure all the issues are worked through. :/
Me too. Now I just have to get SSL working, too.
Peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2008-07-25 22:20:21 | Re: GSSAPI/KRB5 and JDBC (again) |
| Previous Message | Stephen Frost | 2008-07-25 00:50:12 | Re: GSSAPI/KRB5 and JDBC (again) |