Re: GSSAPI Authentication using a CNAME - Mailing list pgsql-jdbc
| From | Dave Cramer |
|---|---|
| Subject | Re: GSSAPI Authentication using a CNAME |
| Date | |
| Msg-id | CADK3HH+SOfT8iggkZw8pkrUYg3yH7+GncSwJTRD0ffVTUO7B4A@mail.gmail.com Whole thread Raw |
| In response to | GSSAPI Authentication using a CNAME (Jason Breitman <jbreitman@tildenparkcapital.com>) |
| Responses |
Re: GSSAPI Authentication using a CNAME
|
| List | pgsql-jdbc |
HI Jason,
Top posting because I don't want to delete below. I am wondering if this is a java thing. The docs for GSSAPI for java are pretty horrible.
Is there a setting to deal with CNAME's ?
Dave
On Wed, 26 Aug 2020 at 19:00, Jason Breitman <jbreitman@tildenparkcapital.com> wrote:
DescriptionI am not able to connect to my PostgreSQL Server using the PostgreSQL JDBC Driver with GSSAPI when using the short name if the short name is a CNAME Record.The fully qualified domain name does work when it is a CNAME.For comparison, the psql client is able to connect using the short name when it is a CNAME.JDBC Versionpostgresql-42.2.16.jarDependanciescommons-cli-1.4$ cat /opt/pgsql/conf/jaas.confpgjdbc {com.sun.security.auth.module.Krb5LoginModule requireddoNotPrompt=trueuseTicketCache=truerenewTGT=truedebug=falseclient=true;};Code Snippet$ cat JDBCExample.javaimport java.sql.Connection;import java.sql.DriverManager;import java.sql.SQLException;import org.apache.commons.cli.CommandLine;import org.apache.commons.cli.CommandLineParser;import org.apache.commons.cli.DefaultParser;import org.apache.commons.cli.Option;import org.apache.commons.cli.Options;import org.apache.commons.cli.ParseException;public class JDBCExample {public static void main(String[] args) throws ParseException {Options options = new Options();Option host = Option.builder().longOpt("host").argName("host").hasArg().desc("Name of the PostgreSQL Server.").build();options.addOption(host);Option db = Option.builder().longOpt("db").argName("db").hasArg().desc("Name of the PostgreSQL Database.").build();options.addOption(db);CommandLineParser parser = new DefaultParser();CommandLine cmd = parser.parse( options, args);String jdbcUrl = "jdbc:postgresql://" + cmd.getOptionValue("host") + ":5432/" + cmd.getOptionValue("db");try (Connection conn = DriverManager.getConnection(jdbcUrl)) {if (conn != null) {System.out.println("Connected to the database!");} else {System.out.println("Failed to make connection!");}} catch (SQLException e) {System.err.format("SQL State: %s\n%s", e.getSQLState(), e.getMessage());} catch (Exception e) {e.printStackTrace();}}}Compilation Stepsjavac -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample.javaResults$ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample --host cname-hostname --db mydbSQL State: 08006GSS Authentication failed$ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample --host cname-hostname.example.com --db mydbConnected to the database!$ java -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=EXAMPLE.COM -Djava.security.auth.login.config=/opt/pgsql/conf/jaas.conf -cp .:postgresql-42.2.16.jar:commons-cli-1.4/commons-cli-1.4.jar JDBCExample --host hostname --db mydbConnected to the database!
Jason Breitman
pgsql-jdbc by date: