-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat JBoss Data Virtualization
8.4. Kerberos Support: JDBC Client Configuration
Procedure 8.3. Setup Kerberos for JDBC Client
Set JAAS configuration
In the client VM the JAAS configuration for kerberos authentication needs to be written. Here is sample configuration file (client.conf
):Client { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true storeKey=true useKeyTab=true keyTab="/path/to/krb5.keytab" doNotPrompt=false debug=false principal="user@EXAMPLE.COM"; };
Set JVM configuration
Add the following JVM options to your client's startup script. Changerealm
andkdc
settings according to your environment:-Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=kerberos.example.com -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=false -Djava.security.auth.login.config=/path/to/client.conf
Or if you want to control thekdc
andrealm
system wide, use below instead.-Djava.security.krb5.conf=/path/to/krb5.conf (on Linux /etc/krb5.conf) -Djava.security.auth.login.config=/path/to/client.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=false
Set URL connection properties
Add the following URL connection properties to the JBoss Data Virtualization JDBC connection string:authenticationType=KRB5;jaasName=Client;kerberosServicePrincipleName=dv/my.host.com@EXAMPLE.COM
Note
There is no need to provide the username and password. When the application makes a JDBC connection, it will authenticate locally and use the same user credentials to negotiate a service token with the server and grant the connection. For more information on connection properties and how to configure data sources, see the JBoss Data Virtualization Platform Development Guide.