Re: GSSAPI/KRB5 and JDBC (again) - Mailing list pgsql-jdbc

From Peter Koczan
Subject Re: GSSAPI/KRB5 and JDBC (again)
Date
Msg-id 4544e0330807251040uea445cao29adebc9afa71127@mail.gmail.com
Whole thread Raw
In response to Re: GSSAPI/KRB5 and JDBC (again)  (Stephen Frost <sfrost@snowman.net>)
Responses Re: GSSAPI/KRB5 and JDBC (again)
Re: GSSAPI/KRB5 and JDBC (again)
List pgsql-jdbc
On Thu, Jul 24, 2008 at 7:50 PM, Stephen Frost <sfrost@snowman.net> wrote:
> So you know, that generally means "wrong password".  Have you tried
> kinit'ing first?  Is it prompting you for a password?

I tried kinit, and it didn't work, but putting my real Kerberos
password in the password field worked. It looks like it's trying to
get a new set of credentials/tickets when authenticating, instead of
using stashed or readily available credentials.

This is better than nothing, but it would be very nice to not force
users to specify a password when connecting. It kinda defeats the
purpose of a single-sign-on authentication system, and I'd really
prefer not having users put their password in plaintext files, as it
seems rather insecure. At the very least, the password should be able
to be obscured or encrypted somehow in the connection, but even this
is less than ideal.

Is there any way to tell JDBC to use available KRB5/GSSAPI credentials?

> I'm *really* anxious to have GSSAPI support in JDBC and fully
> supported..  I've got it working in a test rig, but I need it working
> under Linux and Windows for a number of clients and I havn't had time to
> make sure all the issues are worked through. :/

Me too. Now I just have to get SSL working, too.

Peter

pgsql-jdbc by date:

Previous
From: Stephen Frost
Date:
Subject: Re: GSSAPI/KRB5 and JDBC (again)
Next
From: Stephen Frost
Date:
Subject: Re: GSSAPI/KRB5 and JDBC (again)