ymartin59 / java-kerberos-sfudemo

Java 8 Kerberos MS-SFU Demonstration Code
Apache License 2.0

Kerberos5: Browser -> Tomcat -> JDBC -> Database #5

Open avitcon opened 5 years ago

avitcon commented 5 years ago

Hello Martin,

Maybe you can help me to explore one task: there's a web application on the Tomcat server that is kerberised. The authentication to the app works perfectly. In this app I want to establish a kerberised JDBC connection to the database. The JDBC driver supports Kerberos. I have tried S4U unsuccessfully; I couldn't obtain the right credentials for the JDBC connection. Could you advise me on an idea or direction for resolving this?

Best regards,

Andrey

ymartin59 commented 4 years ago

Hello Andrey,

Which JDBC driver and database vendor are you using?

Regards,

Yves

ymartin59 commented 4 years ago

Another question: is your setup running on a single realm, or are you using multiple trusted domains (cross-realm setup)?

avitcon commented 4 years ago

Hello Martin, I have used Oracle and Exasol JDBC drivers on the single realm.

ymartin59 commented 4 years ago

From my point of view, "JDBC driver supports Kerberos" means it is designed to query the TGS for the database SPN from the current JAAS Subject, which should contain the end user's GSS context. Recent OpenJDK code contains support for both classical Kerberos V5 delegation (when the end-user TGT is forwarded) and Kerberos Constrained Delegation. You should ask the vendor (Exasol) about Kerberos support to confirm that the driver retrieves the GSS context from the JAAS Subject and really uses the Java standard runtime Kerberos implementation.
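One way to check constrained delegation toward the database SPN independently of any JDBC driver, as an added example (not code from this thread or from the repository): it uses the JDK's `ExtendedGSSCredential.impersonate` for S4U2self, then initiates a GSS context to the database service, which triggers S4U2proxy. The JAAS entry name, the end-user name and the `service@host` value are assumptions passed on the command line.

```java
import com.sun.security.jgss.ExtendedGSSCredential;
import org.ietf.jgss.*;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import java.security.PrivilegedExceptionAction;

public final class KcdProbe {
    // Usage (all three arguments are deployment-specific assumptions):
    //   java -Djava.security.auth.login.config=jaas.conf KcdProbe <jaasEntry> <endUser> <service@host>
    public static void main(String[] args) throws Exception {
        byte[] token = probe(args[0], args[1], args[2]);
        System.out.println("Obtained initial GSS token for " + args[2] + ": " + token.length + " bytes");
    }

    static byte[] probe(String jaasEntry, String endUser, String dbService) throws Exception {
        // Service account login; the JAAS entry is expected to use Krb5LoginModule
        // with a keytab and isInitiator=true.
        LoginContext lc = new LoginContext(jaasEntry);
        lc.login();
        try {
            return Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<byte[]>) () -> {
                GSSManager mgr = GSSManager.getInstance();
                Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism
                GSSCredential self = mgr.createCredential(
                        null, GSSCredential.DEFAULT_LIFETIME, krb5, GSSCredential.INITIATE_ONLY);

                // S4U2self: the service obtains a credential on behalf of the end user.
                GSSName user = mgr.createName(endUser, GSSName.NT_USER_NAME);
                GSSCredential asUser = ((ExtendedGSSCredential) self).impersonate(user);

                // S4U2proxy: initiating a context with the impersonated credential
                // makes the JDK request a ticket for the database service.
                GSSName db = mgr.createName(dbService, GSSName.NT_HOSTBASED_SERVICE);
                GSSContext ctx = mgr.createContext(db, krb5, asUser, GSSContext.DEFAULT_LIFETIME);
                try {
                    return ctx.initSecContext(new byte[0], 0, 0);
                } finally {
                    ctx.dispose();
                }
            });
        } finally {
            lc.logout();
        }
    }
}
```

A `GSSException` raised here comes from the login, the impersonation or the ticket request, none of which involve the JDBC driver.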

bhushan1987 commented 4 years ago

I've done a lot of investigation on Kerberos constrained delegation, and finally I've figured out the correct way of doing it using Java. I think the following post will be helpful.

https://stackoverflow.com/questions/39743700/java-spnego-authentication-kerberos-constrained-delegation-kcd-to-backend-se/57377671#57377671