2017-02-23 56 views
0

Using this example, I almost have my connection working for JDBC Kerberos authentication against Oracle:

http://blogs.nologin.es/rickyepoderi/index.php?/archives/105-Oracle-Driver-and-Kerberos.html

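But after enabling the Kerberos cache and debugging, it correctly gets my principal name and credentials, and then there is an error related to the ticket.

The ticket is created with okinit (the kinit from Oracle 12).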

 
Exception in thread "main" java.sql.SQLRecoverableException: Error de E/S: The service in process is not supported. Failure unspecified at GSS-API level (Mechanism level: Generic error (description in e-text) (60) - ASN.1 unexpected field number) 
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:743) 
    at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:666) 
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32) 
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:566) 
    at java.sql.DriverManager.getConnection(DriverManager.java:571) 
    at java.sql.DriverManager.getConnection(DriverManager.java:187) 
    at JdbcThin.main(JdbcThin.java:39) 
Caused by: oracle.net.ns.NetException: The service in process is not supported. Failure unspecified at GSS-API level (Mechanism level: Generic error (description in e-text) (60) - ASN.1 unexpected field number) 
    at oracle.net.ano.AuthenticationService.run(Unknown Source) 
    at java.security.AccessController.doPrivileged(Native Method) 
    at javax.security.auth.Subject.doAs(Subject.java:415) 
    at oracle.net.ano.AuthenticationService.e(Unknown Source) 
    at oracle.net.ano.Ano.negotiation(Unknown Source) 
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:293) 
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452) 
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496) 
    ... 6 more 
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Generic error (description in e-text) (60) - ASN.1 unexpected field number) 
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:710) 
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) 
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) 
    ... 14 more 
Caused by: KrbException: Generic error (description in e-text) (60) - ASN.1 unexpected field number 
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:126) 
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:102) 
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:75) 
    at sun.security.jgss.krb5.AcceptSecContextToken.<init>(AcceptSecContextToken.java:89) 
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:696) 
    ... 16 more 
Caused by: KrbException: Identifier doesn't match expected value (906) 
    at sun.security.krb5.internal.APRep.init(APRep.java:92) 
    at sun.security.krb5.internal.APRep.<init>(APRep.java:75) 
    at sun.security.krb5.KrbApRep.<init>(KrbApRep.java:116) 
    ... 20 more 

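I'm using Java 7, but using a different version is not a problem. Is there a way to read the ticket correctly with the JVM? (Note that the kinit from the JDK doesn't create correct tickets either.)

Answers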

0

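I'm sharing this code, which has been working for me. Have you set the location of the Kerberos cache file?

import java.sql.Connection; 
import java.util.Properties; 
import oracle.jdbc.OracleConnection; 
import oracle.jdbc.OracleDriver; 
import oracle.net.ano.AnoServices; 

OracleDriver driver = new OracleDriver(); 
Properties prop = new Properties(); 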

prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES, 
    "("+AnoServices.AUTHENTICATION_KERBEROS5+")"); 
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL, 
    "true");  

/* If you get the following error [Unable to obtain Principal Name for 
* authentication] although you know that you have the right TGT in your 
* credential cache, then it's probably because the JVM can't locate your 
* cache. 
* For example, here my credential cache is 
*  C:\Documents and Settings\Jean de Lavarene\krb5cc 
* because when I run klist I get the following: 
* > ./klist 
* Ticket cache: FILE:C:\Documents and Settings\Jean de Lavarene\krb5cc 
* Default principal: [email protected] 
* 
* Valid starting  Expires   Service principal 
* 06/21/16 13:23:02 06/21/16 23:23:02 krbtgt/[email protected] 
* renew until 06/21/16 13:23:02 
* This isn't the default location, so I need to provide the location. Note 
* that the default location on windows is "C:\Documents and Settings\krb5cc_username". 
*/ 
prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME, 
    "C:\\Documents and Settings\\Jean de Lavarene\\krb5cc"); 
// url is the JDBC thin connect string of the target database, defined by the caller 
Connection conn = driver.connect(url,prop); 
String auth = ((OracleConnection)conn).getAuthenticationAdaptorName(); 
System.out.println("Authentication adaptor="+auth); 
+0

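I have the cache added (as I said, it reads the credentials from it correctly). Are you using this code against Oracle 11 or lower? Oracle 12 needs its own implementation of kinit (okinit) – albfan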

+0

This is with version 11.2 of the Oracle database. I will try with 12. –
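
A small check for the cache file discussed in the answer above, added here as an example and not code from either poster or from Oracle: it reads the header of a file-format credential cache (format versions 3 and 4) without any Kerberos library and returns the default principal, so you can confirm that the file whose path you pass to the KRB5_CC_NAME property is the cache that klist shows. The class name `CcacheCheck` and the sample principal are made up for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;

public class CcacheCheck {
    /** Returns "name@REALM" for the cache's default principal, or throws if the header is unreadable. */
    static String defaultPrincipal(InputStream raw) throws IOException {
        DataInputStream in = new DataInputStream(raw);    // big-endian, as used by format versions 3 and 4
        int magic = in.readUnsignedByte(), version = in.readUnsignedByte();
        if (magic != 5 || (version != 3 && version != 4))
            throw new IOException("not a v3/v4 credential cache: " + magic + "," + version);
        if (version == 4)
            in.readFully(new byte[in.readUnsignedShort()]); // skip optional header tags
        in.readInt();                                     // principal name type, not needed here
        int components = in.readInt();
        String realm = counted(in);
        StringBuilder name = new StringBuilder();
        for (int i = 0; i < components; i++) {
            if (i > 0) name.append('/');
            name.append(counted(in));
        }
        return name + "@" + realm;
    }

    /** Reads one length-prefixed field (4-byte length, then the bytes). */
    private static String counted(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > 4096) throw new IOException("implausible field length " + len);
        byte[] b = new byte[len];
        in.readFully(b);
        return new String(b, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 1) {                           // same path you give to KRB5_CC_NAME
            try (InputStream f = Files.newInputStream(Paths.get(args[0]))) {
                System.out.println("default principal: " + defaultPrincipal(f));
            }
            return;
        }
        // Constructed sample: v4 header with no tags, principal "scott" in realm "EXAMPLE.COM"
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.write(new byte[] {5, 4}); out.writeShort(0);
        out.writeInt(1); out.writeInt(1);
        out.writeInt(11); out.writeBytes("EXAMPLE.COM");
        out.writeInt(5); out.writeBytes("scott");
        System.out.println(defaultPrincipal(new ByteArrayInputStream(buf.toByteArray())));
    }
}
```

An IOException from the version check means the file is not in a format this reader understands, which is worth ruling out before looking at the driver settings.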