kerberos pg_ident different behavior in psql vs. jdbc - Mailing list pgsql-admin

From Bear Giles
Subject kerberos pg_ident different behavior in psql vs. jdbc
Msg-id CALBNtw4GRDxT4JdvqUUGmpOWnBOObSn-=gf+_OEZHd6igih+fg@mail.gmail.com
Responses Re: kerberos pg_ident different behavior in psql vs. jdbc
List pgsql-admin
I have installed PostgreSQL 9.4 and MIT Kerberos 5 on an Ubuntu 15.10 system.

I have added the following entries:

pg_hba.conf:

  # TYPE  DATABASE        USER            ADDRESS                 METHOD       OPTIONS
  host    all             all             52.34.69.195/32         gss          include_realm=1 map=gss krb_realm=INVARIANTPROPERTIES.COM

pg_ident.conf:

  # MAPNAME    SYSTEM-USERNAME                                    PG-USERNAME
  gss           /^([^/]+)\/postgres@INVARIANTPROPERTIES\.COM$     \1

If I kinit the principal 'bgiles/postgres@INVARIANTPROPERTIES.COM' I can successfully connect to the database as the 'bgiles' user. I have confidence in the PostgreSQL configuration.

I can take the keytab file containing the key, add a JAAS configuration file, and successfully authenticate to the KDC. I have confidence that that's correct although there might be small tweaks possible. (E.g., should the JAAS principal field include @REALM?)

However when I try to connect via JDBC (using JAAS and a keytab file) I seem to fail at the pg_ident.conf step.

2016-04-21 19:36:22 UTC [10992-2] bgiles/postgres@SNAPLOGIC.COM@bgiles LOG:  no match in usermap "gss" for user "bgiles/postgres" authenticated as "bgiles/postgres@SNAPLOGIC.COM"
2016-04-21 19:36:22 UTC [10992-3] bgiles/postgres@SNAPLOGIC.COM@bgiles FATAL:  GSSAPI authentication failed for user "bgiles/postgres@SNAPLOGIC.COM"
2016-04-21 19:36:22 UTC [10992-4] bgiles/postgres@SNAPLOGIC.COM@bgiles DETAIL:  Connection matched pg_hba.conf line 100: "host all all 75.144.16.201/32 gss include_realm=1 map=gss krb_realm=SNAPLOGIC.COM"

That happens with a jdbc username of 'bgiles', 'bgiles/postgres', or 'bgiles/postgres@SNAPLOGIC.COM'.

Have other people looked at Kerberos + JDBC? I'm also looking at the JDBC driver code and I might have noticed something that would cause problems but I wanted to check with others before I tried hacking on it.

Thanks,

Bear
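
A simplified model of how the pg_hba.conf and pg_ident.conf lines quoted in the post are evaluated, added here as an example (it is not from the original post or from PostgreSQL's source). Python's `re` stands in for PostgreSQL's regex engine and the function names are hypothetical; the point is that the map only succeeds when the role requested by the client is exactly the captured name.

```python
import re

# Values copied from the post's pg_hba.conf / pg_ident.conf. The leading "/"
# that marks a regex in pg_ident.conf is dropped. The quoted log lines show a
# different realm, so the realm is a parameter here.
MAP_REGEX = r"^([^/]+)\/postgres@INVARIANTPROPERTIES\.COM$"
MAP_ROLE = r"\1"
KRB_REALM = "INVARIANTPROPERTIES.COM"


def system_username(principal, include_realm):
    """Name handed to the usermap: full principal, or realm stripped."""
    return principal if include_realm else principal.split("@", 1)[0]


def realm_allowed(principal, krb_realm):
    """krb_realm: only principals from this realm are accepted."""
    _, _, realm = principal.partition("@")
    return realm == krb_realm


def usermap_allows(principal, requested_role, include_realm=True,
                   regex=MAP_REGEX, role=MAP_ROLE, krb_realm=KRB_REALM):
    """True if the map line lets `principal` connect as `requested_role`."""
    if not realm_allowed(principal, krb_realm):
        return False
    m = re.search(regex, system_username(principal, include_realm))
    if m is None:
        return False
    # \1 in the PG-USERNAME column is replaced by the first capture group,
    # then compared with the role the client asked to connect as.
    mapped = role.replace(r"\1", m.group(1)) if m.groups() else role
    return mapped == requested_role


if __name__ == "__main__":
    principal = "bgiles/postgres@INVARIANTPROPERTIES.COM"
    for requested in ("bgiles", "bgiles/postgres", principal):
        print(f"{requested!r:45} -> {usermap_allows(principal, requested)}")
    print("include_realm=0 ->",
          usermap_allows(principal, "bgiles", include_realm=False))
```

With `include_realm=0` the same regex can never match, because the `@REALM` suffix it is anchored on is stripped before the map is consulted.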
