
MongoDB 3.0.0/2/3 Java Driver Kerberos Authentication on Windows using JDK1.6.45

My Mongo server should be set up correctly, since I can query against it using the GSSAPI mechanism with the client.

According to the documentation, Java Driver's Kerberos Authentication can be as simple as credentialList.add(MongoCredential.createGSSAPICredential("people/myhost.com@EXAMPLE.COM"));

The principal I used

  1. I tested with Mongo's enterprise version of client and it works: authenticated against Mongo server with Kerberos and can find() against it. (database test, principal "people/myhost.com@EXAMPLE.COM")
  2. kinit was performed and the new ticket is shown in klist; the ticket cache is stored under KRB5CCNAME=D:\\Kerberos\\tickets.txt (environment variable set)

To make sure krb5.ini/conf is read, I manually set the system property java.security.krb5.conf=C:/Windows/krb5.conf

Before I set the property javax.security.auth.useSubjectCredsOnly, GSSAPIAuthenticator.createSaslClient() caught an exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt).

After I set the property javax.security.auth.useSubjectCredsOnly=false, InternalStreamConnection.open() caught a throwable: java.lang.SecurityException: Unable to locate a login configuration

I am really confused here. I thought it is using the ticket cache which is specified under KRB5CCNAME. If I use jaas configuration, what name should I assign it to be?

Name {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="D:\\Kerberos\\people.keytab"
   useTicketCache=false;
};

I set it with a random name and it started complaining: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null)).

Can you guys help me on this? What else can I try here, or are there more useful and detailed logs that I can enable in this case?

Security error messages are cryptic, by design :-/

But there is a nice "security trace flag" property to help you debug GSSAPI config issues:

-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext
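
An added example, not part of the original question or answer: a standalone JAAS login check that can be run with the trace flag above to see which login entry is looked up and whether the ticket cache yields a TGT. The class name `KrbLoginCheck` and helper `jaasEntry` are hypothetical; the entry name `com.sun.security.jgss.initiate` is the one the Sun/Oracle JGSS provider uses and is an assumption relative to this page, while the principal and paths are the ones quoted in the question. The syntax is kept compatible with JDK 1.6.

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Run with the trace flag from the answer to watch the entry being parsed and used:
//   java -Djava.security.debug=gssloginconfig,configfile,configparser,logincontext KrbLoginCheck
public class KrbLoginCheck {
    // Entry the Sun/Oracle JGSS provider looks up when useSubjectCredsOnly=false (assumption, not from the page).
    static final String ENTRY = "com.sun.security.jgss.initiate";

    // Builds a JAAS entry that reuses an existing ticket cache instead of a keytab.
    static String jaasEntry(String principal, String ticketCache) {
        return ENTRY + " {\n"
             + "  com.sun.security.auth.module.Krb5LoginModule required\n"
             + "  useTicketCache=true\n"
             + "  ticketCache=\"" + ticketCache + "\"\n"
             + "  principal=\"" + principal + "\"\n"
             + "  doNotPrompt=true\n"
             + "  debug=true;\n"
             + "};\n";
    }

    public static void main(String[] args) throws IOException {
        // Values taken from the question; forward slashes avoid escaping inside the JAAS file.
        String conf = jaasEntry("people/myhost.com@EXAMPLE.COM", "D:/Kerberos/tickets.txt");
        File f = File.createTempFile("jaas", ".conf");
        f.deleteOnExit();
        FileWriter w = new FileWriter(f);
        try { w.write(conf); } finally { w.close(); }

        System.setProperty("java.security.krb5.conf", "C:/Windows/krb5.conf");
        System.setProperty("java.security.auth.login.config", f.getAbsolutePath());
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        try {
            LoginContext lc = new LoginContext(ENTRY);
            lc.login(); // fails here if the cache holds no usable TGT for the principal
            for (KerberosTicket t : lc.getSubject().getPrivateCredentials(KerberosTicket.class)) {
                System.out.println(t.getClient() + " -> " + t.getServer() + " until " + t.getEndTime());
            }
        } catch (LoginException e) {
            System.out.println("JAAS login failed: " + e.getMessage());
        }
    }
}
```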
