Skip site navigation (1) Skip section navigation (2)

Re: GSSAPI/KRB5 and JDBC (again)

From: "Peter Koczan" <pjkoczan(at)gmail(dot)com>
To: "Kris Jurka" <books(at)ejurka(dot)com>
Cc: pgsql-jdbc(at)postgresql(dot)org, sfrost(at)snowman(dot)net
Subject: Re: GSSAPI/KRB5 and JDBC (again)
Date: 2008-07-29 17:31:20
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-jdbc
On Mon, Jul 28, 2008 at 11:35 PM, Kris Jurka <books(at)ejurka(dot)com> wrote:
> It tries to use the provided password only if it doesn't find an existing
> set of credentials.  It definitely works for me without a password after
> kinit(ing).  Perhaps your ticket cache or keytab is in a non-standard place?
>  This is the first and only time I've setup a kerberos server, so I may have
> done something unusual on my end too, but I basically just did a stock
> Debian install.  Perhaps you need some additional options from here in your
> login.conf to let it know things particular to your setup?

Our ticket cache location is somewhat random on each login, but it can
always be reliably found by looking at the environment variable
KRB5CCNAME. I can specify the temporary location, but it would be much
better to somehow be able to grab the auth info from that.

I got this working after a few attempts and reading up on Java auth
configs. It looks like I have to have the line which tells which user
to use, i.e.

        props.setProperty("user", "koczan");

...but it has to be the same as the user/principal in the ticket
cache. It would be nice in the case of web scripts or cron jobs (where
things may run as different or arbitrary users) if I could specify
that elsewhere without having to recompile. I tried specifying the
principal in the config file, and I tried specifying the user on the
command line with -D, but neither worked without the setProperty line
in the .java file.

org.postgresql.util.PSQLException: FATAL: no PostgreSQL user name
specified in startup packet

Still, this is a lot further along compared to where I was a week ago.
Thanks again.


In response to


pgsql-jdbc by date

Next:From: Kris JurkaDate: 2008-07-29 18:37:30
Subject: Re: GSSAPI/KRB5 and JDBC (again)
Previous:From: Kris JurkaDate: 2008-07-29 17:09:56
Subject: Re: numeric type

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group