Thread: Can't connect to DB using GSS(Kerberos) aut
Ok, let me try that again. I tried
I prepared a pastebin link as an alternative for better reading, but the mailing list does not seem to allow these links. <sigh>
Thanks
Before I did anything I checked the ticket cache:
someuser*clienthost:~$ kinit -k -t drhouse.keytab -p drhouse
someuser*clienthost:~$ klist -f
Ticket cache: FILE:/tmp/krb5cc_20000_Z95lup
Default principal: drhouse*HOSPITAL#DE
Valid starting Expires Service principal
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx krbtgt/HOSPITAL#DE*HOSPITAL#DE
renew until 14.05.2015 xx:xx:xx, Flags: FPRIA
//////////////////////////////////////////////////////////////////
This is the corresponding keytab for drhouse:
someuser*clienthost:~$ ktutil
ktutil: read_kt drhouse.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------
1 5 drhouse*HOSPITAL#DE
2 5 drhouse*HOSPITAL#DE
3 5 drhouse*HOSPITAL#DE
4 5 drhouse*HOSPITAL#DE
//////////////////////////////////////////////////////////////////
Now I launched eclipse from that shell and tried something like this:
Properties connectionProps = new Properties();
connectionProps.setProperty("user", "drhouse");
connectionProps.setProperty("loglevel", Integer.toString(org.postgresql.Driver.DEBUG));
String databaseUrl = "jdbc:" + DBMS + "://" + HOST + "/" + DATABASE;
connection = DriverManager.getConnection(databaseUrl, connectionProps);
//////////////////////////////////////////////////////////////////
The result was a failure to connect:
xx:xx:xx.879 (1) PostgreSQL 9.2 JDBC3 (build 1002)
xx:xx:xx.883 (1) Trying to establish a protocol version 3 connection to databasehost:5432
xx:xx:xx.895 (1) Receive Buffer Size is 186240
xx:xx:xx.895 (1) Send Buffer Size is 43520
xx:xx:xx.895 (1) FE=> StartupPacket(user=drhouse, database=measurements, client_encoding=UTF8, DateStyle=ISO, extra_float_digits=2, TimeZone=Europe/Berlin)
xx:xx:xx.898 (1) <=BE AuthenticationReqGSS
org.postgresql.util.PSQLException: GSS Authentication failed
at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:47)
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:486)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:173)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:64)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:136)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:29)
at org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:393)
at org.postgresql.Driver.connect(Driver.java:267)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)
at tlogger.TLogger.start(TLogger.java:123)
at tlogger.TLogger.main(TLogger.java:108)
SQLException: SQLState(08006)
getConnection failed: org.postgresql.util.PSQLException: GSS Authentication failed
GSS Authentication failed
//////////////////////////////////////////////////////////////////
On the server this looked like that:
2015-05-13 xx:xx:xx CEST LOG: connection received: host=databasehostip port=39829
2015-05-13 xx:xx:xx CEST FATAL: GSSAPI authentication failed for user "drhouse"
2015-05-13 xx:xx:xx CEST DETAIL: Connection matched pg_hba.conf line 95: "host all all ne#tm#as#k/16 gss"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
BUT when I tried to connect using psql (from that very same shell):
someuser*clienthost:/$ psql -U drhouse -h databasehost measurements
psql (9.4.1, server 9.3.6)
SSL connection (protocol: TLSv1.2, cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
measurements=>
//////////////////////////////////////////////////////////////////
Looking at the ticket cache:
someuser*clienthost:~/eclipse$ klist -f
Ticket cache: FILE:/tmp/krb5cc_20000_Z95lup
Default principal: drhouse*HOSPITAL#DE
Valid starting Expires Service principal
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx krbtgt/HOSPITAL#DE*HOSPITAL#DE
renew until 14.05.2015 xx:xx:xx, Flags: FPRIA
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx postgres/databasehost#dep#hospital#de*
renew until 14.05.2015 xx:xx:xx, Flags: FPRAT
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx postgres/databasehost#dep#hospital#de*HOSPITAL#DE
renew until 14.05.2015 xx:xx:xx, Flags: FPRAT
//////////////////////////////////////////////////////////////////
Any hint on what might be going wrong?
Thanks,
Alex
to
format the text for better reading. Hopefully this will work.I prepared a pastebin link as an alternative for better reading, but the mailing list does not seem to allow these links. <sigh>
Thanks
Before I did anything I checked the ticket cache:
someuser*clienthost:~$ kinit -k -t drhouse.keytab -p drhouse
someuser*clienthost:~$ klist -f
Ticket cache: FILE:/tmp/krb5cc_20000_Z95lup
Default principal: drhouse*HOSPITAL#DE
Valid starting Expires Service principal
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx krbtgt/HOSPITAL#DE*HOSPITAL#DE
renew until 14.05.2015 xx:xx:xx, Flags: FPRIA
//////////////////////////////////////////////////////////////////
This is the corresponding keytab for drhouse:
someuser*clienthost:~$ ktutil
ktutil: read_kt drhouse.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------
1 5 drhouse*HOSPITAL#DE
2 5 drhouse*HOSPITAL#DE
3 5 drhouse*HOSPITAL#DE
4 5 drhouse*HOSPITAL#DE
//////////////////////////////////////////////////////////////////
Now I launched eclipse from that shell and tried something like this:
Properties connectionProps = new Properties();
connectionProps.setProperty("user", "drhouse");
connectionProps.setProperty("loglevel", Integer.toString(org.postgresql.Driver.DEBUG));
String databaseUrl = "jdbc:" + DBMS + "://" + HOST + "/" + DATABASE;
connection = DriverManager.getConnection(databaseUrl, connectionProps);
//////////////////////////////////////////////////////////////////
The result was a failure to connect:
xx:xx:xx.879 (1) PostgreSQL 9.2 JDBC3 (build 1002)
xx:xx:xx.883 (1) Trying to establish a protocol version 3 connection to databasehost:5432
xx:xx:xx.895 (1) Receive Buffer Size is 186240
xx:xx:xx.895 (1) Send Buffer Size is 43520
xx:xx:xx.895 (1) FE=> StartupPacket(user=drhouse, database=measurements, client_encoding=UTF8, DateStyle=ISO, extra_float_digits=2, TimeZone=Europe/Berlin)
xx:xx:xx.898 (1) <=BE AuthenticationReqGSS
org.postgresql.util.PSQLException: GSS Authentication failed
at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:47)
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:486)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:173)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:64)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:136)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:29)
at org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:393)
at org.postgresql.Driver.connect(Driver.java:267)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)
at tlogger.TLogger.start(TLogger.java:123)
at tlogger.TLogger.main(TLogger.java:108)
SQLException: SQLState(08006)
getConnection failed: org.postgresql.util.PSQLException: GSS Authentication failed
GSS Authentication failed
//////////////////////////////////////////////////////////////////
On the server this looked like that:
2015-05-13 xx:xx:xx CEST LOG: connection received: host=databasehostip port=39829
2015-05-13 xx:xx:xx CEST FATAL: GSSAPI authentication failed for user "drhouse"
2015-05-13 xx:xx:xx CEST DETAIL: Connection matched pg_hba.conf line 95: "host all all ne#tm#as#k/16 gss"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
BUT when I tried to connect using psql (from that very same shell):
someuser*clienthost:/$ psql -U drhouse -h databasehost measurements
psql (9.4.1, server 9.3.6)
SSL connection (protocol: TLSv1.2, cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
measurements=>
//////////////////////////////////////////////////////////////////
Looking at the ticket cache:
someuser*clienthost:~/eclipse$ klist -f
Ticket cache: FILE:/tmp/krb5cc_20000_Z95lup
Default principal: drhouse*HOSPITAL#DE
Valid starting Expires Service principal
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx krbtgt/HOSPITAL#DE*HOSPITAL#DE
renew until 14.05.2015 xx:xx:xx, Flags: FPRIA
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx postgres/databasehost#dep#hospital#de*
renew until 14.05.2015 xx:xx:xx, Flags: FPRAT
13.05.2015 xx:xx:xx 13.05.2015 xx:xx:xx postgres/databasehost#dep#hospital#de*HOSPITAL#DE
renew until 14.05.2015 xx:xx:xx, Flags: FPRAT
//////////////////////////////////////////////////////////////////
Any hint on what might be going wrong?
Thanks,
Alex