From: | Dave Cramer <davecramer(at)postgres(dot)rocks> |
---|---|
To: | Jason Breitman <jbreitman(at)tildenparkcapital(dot)com> |
Cc: | pgsql-jdbc(at)lists(dot)postgresql(dot)org |
Subject: | Re: GSSAPI Authentication using a CNAME |
Date: | 2020-08-27 11:24:21 |
Message-ID: | CADK3HH+SOfT8iggkZw8pkrUYg3yH7+GncSwJTRD0ffVTUO7B4A@mail.gmail.com |
Lists: | pgsql-jdbc |
Hi Jason,
Top posting because I don't want to delete below. I am wondering if this is
a java thing. The docs for GSSAPI for java are pretty horrible.
Is there a setting to deal with CNAMEs?
Dave
On Wed, 26 Aug 2020 at 19:00, Jason Breitman <
jbreitman(at)tildenparkcapital(dot)com> wrote:
> *Description*
> I am not able to connect to my PostgreSQL Server using the PostgreSQL JDBC
> Driver with GSSAPI when using the short name if the short name is a CNAME
> Record.
> The fully qualified domain name does work when it is a CNAME.
>
> For comparison, the psql client is able to connect using the short name when
> it is a CNAME.
>
> *JDBC Version*
> postgresql-42.2.16.jar
>
> *Dependencies*
> commons-cli-1.4
>
> $ cat /opt/pgsql/conf/jaas.conf
> pgjdbc {
>     com.sun.security.auth.module.Krb5LoginModule required
>     doNotPrompt=true
>     useTicketCache=true
>     renewTGT=true
>     debug=false
>     client=true;
> };
>
> *Code Snippet*
> $ cat JDBCExample.java
> import java.sql.Connection;
> import java.sql.DriverManager;
> import java.sql.SQLException;
>
> import org.apache.commons.cli.CommandLine;
> import org.apache.commons.cli.CommandLineParser;
> import org.apache.commons.cli.DefaultParser;
> import org.apache.commons.cli.Option;
> import org.apache.commons.cli.Options;
> import org.apache.commons.cli.ParseException;
>
> public class JDBCExample {
>
>     public static void main(String[] args) throws ParseException {
>
>         Options options = new Options();
>
>         Option host = Option.builder()
>                 .longOpt("host")
>                 .argName("host")
>                 .hasArg()
>                 .desc("Name of the PostgreSQL Server.")
>                 .build();
>
>         options.addOption(host);
>
>         Option db = Option.builder()
>                 .longOpt("db")
>                 .argName("db")
>                 .hasArg()
>                 .desc("Name of the PostgreSQL Database.")
>                 .build();
>
>         options.addOption(db);
>
>         CommandLineParser parser = new DefaultParser();
>         CommandLine cmd = parser.parse(options, args);
>
>         String jdbcUrl = "jdbc:postgresql://" + cmd.getOptionValue("host")
>                 + ":5432/" + cmd.getOptionValue("db");
>
>         try (Connection conn = DriverManager.getConnection(jdbcUrl)) {
>
>             if (conn != null) {
>                 System.out.println("Connected to the database!");
>             } else {
>                 System.out.println("Failed to make connection!");
>             }
>
>         } catch (SQLException e) {
>             System.err.format("SQL State: %s\n%s", e.getSQLState(),
>                     e.getMessage());
>         } catch (Exception e) {
>             e.printStackTrace();
>         }
>
>     }
> }
>
> *Compilation Steps*
> javac -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar
> JDBCExample.java
>
> *Results*
> $ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=
> EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf
> -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar
> JDBCExample --host cname-hostname --db mydb
> SQL State: 08006
> GSS Authentication failed
>
> $ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=
> EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf
> -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar
> JDBCExample --host cname-hostname.example.com --db mydb
> Connected to the database!
>
> $ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=
> EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf
> -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar
> JDBCExample --host hostname --db mydb
> Connected to the database!
>
>
> Jason Breitman
>
>