8.4. Kerberos Support: JDBC Client Configuration

Procedure 8.3. Setup Kerberos for JDBC Client

  1. Set JAAS configuration

    Write the JAAS configuration for Kerberos authentication on the client VM. Here is a sample configuration file (client.conf):
    Client {
        com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=true
        storeKey=true
        useKeyTab=true 
        keyTab="/path/to/krb5.keytab" 
        doNotPrompt=false 
        debug=false
        principal="user@EXAMPLE.COM";
    };
  2. Set JVM configuration

    Add the following JVM options to your client's startup script. Change the realm and KDC settings according to your environment:
    -Djava.security.krb5.realm=EXAMPLE.COM
    -Djava.security.krb5.kdc=kerberos.example.com
    -Djavax.security.auth.useSubjectCredsOnly=false
    -Dsun.security.krb5.debug=false
    -Djava.security.auth.login.config=/path/to/client.conf
    Alternatively, to control the KDC and realm system-wide, point the JVM at a krb5.conf file instead (on Linux, /etc/krb5.conf):
    -Djava.security.krb5.conf=/path/to/krb5.conf
    -Djava.security.auth.login.config=/path/to/client.conf
    -Djavax.security.auth.useSubjectCredsOnly=false
    -Dsun.security.krb5.debug=false
    
  3. Set URL connection properties

    Add the following URL connection properties to the JBoss Data Virtualization JDBC connection string:
    authenticationType=KRB5;jaasName=Client;kerberosServicePrincipleName=dv/my.host.com@EXAMPLE.COM

Note

There is no need to provide the username and password. When the application makes a JDBC connection, it will authenticate locally and use the same user credentials to negotiate a service token with the server and grant the connection. For more information on connection properties and how to configure data sources, see the JBoss Data Virtualization Platform Development Guide.
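
The three steps only work together if the jaasName in the connection string names an entry that exists in client.conf and that entry's keytab is usable. The following pre-flight check is an added example, not Red Hat's code: it parses both pieces and reports mismatches. The sample inputs are constructed from the page's values, and the function names, the simplified JAAS parsing, and the keytab permission test are assumptions of this example.

```python
import os
import re
import stat

# Constructed sample inputs mirroring the page's client.conf and URL properties.
SAMPLE_JAAS = '''Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=true storeKey=true useKeyTab=true
    keyTab="/path/to/krb5.keytab" doNotPrompt=false debug=false
    principal="user@EXAMPLE.COM";
};'''
SAMPLE_PROPS = ("authenticationType=KRB5;jaasName=Client;"
                "kerberosServicePrincipleName=dv/my.host.com@EXAMPLE.COM")

def parse_jaas(text):
    """Map each JAAS entry name to its login module and options."""
    entries = {}
    for name, body in re.findall(r'(\w+)\s*\{(.*?)\}\s*;', text, re.S):
        tokens = body.replace(';', ' ').split()  # assumes no spaces in values
        if not tokens:
            continue
        opts = {k: v.strip('"') for k, v in
                (t.split('=', 1) for t in tokens[2:] if '=' in t)}
        entries[name] = {"module": tokens[0], **opts}
    return entries

def check(jaas_text, url_props):
    """Return the problems found; an empty list means the pieces line up."""
    problems = []
    props = dict(p.split('=', 1) for p in url_props.split(';') if '=' in p)
    if props.get("authenticationType") != "KRB5":
        problems.append("authenticationType is not KRB5")
    if not props.get("kerberosServicePrincipleName"):
        problems.append("kerberosServicePrincipleName is missing")
    entry = parse_jaas(jaas_text).get(props.get("jaasName", ""))
    if entry is None:  # names are compared exactly, including case
        problems.append("jaasName does not match any entry in the JAAS file")
        return problems
    if not entry["module"].endswith("Krb5LoginModule"):
        problems.append("JAAS entry does not use Krb5LoginModule")
    if entry.get("useKeyTab") == "true":
        keytab = entry.get("keyTab", "")
        if not os.path.isfile(keytab):
            problems.append("keyTab file not found: " + keytab)
        elif stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
            # Anyone who can read the keytab can log in as its principal.
            problems.append("keyTab is accessible by group or others: " + keytab)
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_JAAS, SAMPLE_PROPS))
```

Run it against the real client.conf contents and the property string from your connection URL before starting the client.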