[英]MongoDB 3.0.0/2/3 Java Driver Kerberos Authentication on Windows using JDK1.6.45
My Mongo server should be set up correctly since I can query against it using GSSAPI mechanism with client. 我的Mongo服务器应正确设置,因为我可以通过客户端使用GSSAPI机制对其进行查询。
According to the documentation, Java Driver's Kerberos Authentication can be as simple as credentialList.add(MongoCredential.createGSSAPICredential("people/myhost.com@EXAMPLE.COM"));
根据文档,Java驱动程序的Kerberos身份验证可以像
credentialList.add(MongoCredential.createGSSAPICredential("people/myhost.com@EXAMPLE.COM"));
一样简单credentialList.add(MongoCredential.createGSSAPICredential("people/myhost.com@EXAMPLE.COM"));
The principal I used 我用的校长
To make sure krb5.ini/conf is read, I manually set the system property java.security.krb5.conf=C:/Windows/krb5.conf 为了确保读取krb5.ini / conf,我手动设置系统属性java.security.krb5.conf = C:/Windows/krb5.conf
Before I set the property javax.security.auth.useSubjectCredsOnly
, GSSAPIAuthenticator.createSaslClient()
catched exception of GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
. 在设置属性
javax.security.auth.useSubjectCredsOnly
之前, GSSAPIAuthenticator.createSaslClient()
异常GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
。
After I set the property javax.security.auth.useSubjectCredsOnly=false
, InternalStreamConnection.open()
catched throwable: java.lang.SecurityException: Unable to locate a login configuration
设置属性
javax.security.auth.useSubjectCredsOnly=false
,捕获了InternalStreamConnection.open()
抛出: java.lang.SecurityException: Unable to locate a login configuration
I am really confused here. 我真的很困惑。 I thought it is using the ticket cache which is specified under KRB5CCNAME.
我以为它使用的是KRB5CCNAME下指定的票证缓存。 If I use jaas configuration, what name should I assign it to be?
如果我使用jaas配置,应将其分配给哪个名称?
Name {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="D:\\Kerberos\\people.keytab"
useTicketCache=false;
};
I set it with a random name and it started complaining GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
. 我给它设置了一个随机名称,它开始抱怨
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))
。
Can you guys help me on this? 你们可以帮我吗? What else I can try here or are there more useful and detailed logs that I can enable in this case?
在这种情况下,我还能尝试什么呢?还是可以使用更有用和详细的日志?
Security error messages are cryptic, by design :-/ 安全错误消息是设计隐秘的:-/
But there is a nice " security trace flag " property to help you debug GSSAPI config issues: 但是有一个不错的“ 安全跟踪标志 ”属性可以帮助您调试GSSAPI配置问题:
-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.