From: | Jason Breitman <jbreitman(at)tildenparkcapital(dot)com> |
---|---|
To: | pgsql-jdbc(at)lists(dot)postgresql(dot)org |
Subject: | GSSAPI Authentication using a CNAME |
Date: | 2020-08-26 22:59:31 |
Message-ID: | 46ED2944-0C18-44A1-A4B9-C8D94A6FD000@tildenparkcapital.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Description
I am not able to connect to my PostgreSQL Server using the PostgreSQL JDBC Driver with GSSAPI when using the short name if the short name is a CNAME Record.
The fully qualified domain name does work when it is a CNAME.
For comparison, the psql client is able to connect using the short name when it is a CNAME.
JDBC Version
postgresql-42.2.16.jar
Dependancies
commons-cli-1.4
$ cat /opt/pgsql/conf/jaas.conf
pgjdbc {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useTicketCache=true
renewTGT=true
debug=false
client=true;
};
Code Snippet
$ cat JDBCExample.java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
public class JDBCExample {
public static void main(String[] args) throws ParseException {
Options options = new Options();
Option host = Option.builder()
.longOpt("host")
.argName("host")
.hasArg()
.desc("Name of the PostgreSQL Server.")
.build();
options.addOption(host);
Option db = Option.builder()
.longOpt("db")
.argName("db")
.hasArg()
.desc("Name of the PostgreSQL Database.")
.build();
options.addOption(db);
CommandLineParser parser = new DefaultParser();
CommandLine cmd = parser.parse( options, args);
String jdbcUrl = "jdbc:postgresql://" + cmd.getOptionValue("host") + ":5432/" + cmd.getOptionValue("db");
try (Connection conn = DriverManager.getConnection(jdbcUrl)) {
if (conn != null) {
System.out.println("Connected to the database!");
} else {
System.out.println("Failed to make connection!");
}
} catch (SQLException e) {
System.err.format("SQL State: %s\n%s", e.getSQLState(), e.getMessage());
} catch (Exception e) {
e.printStackTrace();
}
}
}
Compilation Steps
javac -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample.java
Results
$ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample --host cname-hostname --db mydb
SQL State: 08006
GSS Authentication failed
$ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample --host cname-hostname.example.com --db mydb
Connected to the database!
$ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample --host hostname --db mydb
Connected to the database!
Jason Breitman
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2020-08-27 08:34:09 | Support for OUT parameters in procedures |
Previous Message | Vladimir Sitnikov | 2020-08-25 10:15:29 | [pgjdbc/pgjdbc] 4a4e66: fix: avoid removal type annotations on "this" so t... |