1
我試圖使用Kerberos連接到數據庫,除了兩個問題,一切正常。首先,當我執行我的代碼時,我被問到兩次輸入密碼的次數不是一次,而是兩次。然後我的查詢被髮送到我的數據庫並返回結果。GSS JAAS無法讀取密鑰庫/選項卡
上述問題源於我相信根本原因,或者我遇到的第二個問題是,我JDK無法讀取密鑰表。
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=true
principal="[email protected]"
useDefaultCcache=true
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
ticketCache=true
storeKey=true;
};
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Cluster created with settings {hosts=[realm:27017], mode=MULTIPLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server realm:27017 to client view of cluster
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=MULTIPLE, all=[ServerDescription{address=realm:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
Kerberos password for [email protected]: ******
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:1, serverValue:1001}] to realm:27017
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Monitor thread successfully connected to server with description ServerDescription{address=realm:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 5]}, minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, roundTripTimeNanos=128643970}
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Discovered cluster type of STANDALONE
Kerberos password for [email protected]: ******
Apr 22, 2016 2:27:57 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:2, serverValue:1002}] to realm:27017
****output from mongo****
我明白,我沒有禁用鍵盤輸入,但是這是因爲當你從輸出見上我無法讀取密鑰表或高速緩存。
服務器和客戶端都有匹配的krb5.conf,我能夠kinit,ktadd,klist都希望校長擁有正確的enc類型。
我甚至去chmod 777 keytab只是爲了確保這不是一個權限問題。
請註明您自己的答案在這種情況下被「接受」。 –