Mr Smith

Reputation: 3486

Cannot locate default realm from javaKerberos Sql Server connection on docker Linux

I'm trying to connect to a SQL Server instance via JavaKerberos. I can get this to work on Windows (non-Docker) and on a non-Docker Linux instance, but I keep getting a "Cannot locate default realm" error on Linux Docker. Note, I'm running an Amazon Linux Docker image because ultimately I'm trying to get this to work on ECS, though at the moment I'm testing this on my Docker Desktop for Windows.

Do any of you have any suggestion on what to try? I've tried MANY combinations of the krb5.conf and various Java command line flags, but nothing has worked yet.

Below are all the pertinent Kerberos config items I've been using.

Command to run jar on docker instance

java -Djava.security.krb5.conf=/opt/krb5.conf -Djava.security.auth.login.config=/opt/jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false -jar app.jar

EXCEPTION

Caused by: org.ietf.jgss.GSSException: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
        at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:129) ~[na:1.8.0_252]
        at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95) ~[na:1.8.0_252]
        at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:203) ~[na:1.8.0_252]
        at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:477) ~[na:1.8.0_252]
        at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201) ~[na:1.8.0_252]
        at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170) ~[na:1.8.0_252]
        at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:151) ~[na:1.8.0_252]
        at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:128) ~[na:1.8.0_252]
        at com.microsoft.sqlserver.jdbc.KerbAuthentication.intAuthInit(KerbAuthentication.java:58) ~[mssql-jdbc-7.4.1.jre8.jar!/:na]

krb5.conf

[libdefaults]
default_realm = US.TEST.COM
dns_lookup_kdc = true
dns_lookup_realm = true
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
udp_preference_limit = 1

[realms]
US.TEST.COM = {
kdc = crldap1.us.test.com
admin_server = crldap1.us.test.com
}

[domain_realm]
.us.test.com = US.TEST.COM
us.test.com = US.TEST.COM

jaas.conf

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=false
  useTicketCache=true
  doNotPrompt=true;
};

Connection String

spring.datasource.url =jdbc:sqlserver://DBSERVER\\SERVER_DEV;databaseName=DB1;authenticationScheme=JavaKerberos;integratedSecurity=true;[email protected];password=P@SSW0RD

Upvotes: 2

Views: 11028

Answers (1)

Daki

Reputation: 117

One thing you could always check is the encoding of the krb5.conf file.

We've had trouble with the encoding being automatically set to UTF-8-BOM. Apparently some systems can't handle that and thus can't read the krb5.conf. This will trigger the KrbException: Cannot locate default realm.

Changing the encoding to UTF-8 did the trick for me.

Should this not work I would suggest checking if the krb5.conf file cannot be read for some other reason. In my experience this error is usually caused by problems in reading the file.

Upvotes: 0
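The two things the answer and the question point at (a krb5.conf the JDK cannot read, and JVM flags that never reach the JVM) can both be checked before touching the database. The script below is an added example, not code from the question, the answer or the mssql-jdbc driver: it reads a krb5.conf as raw bytes, reports a UTF-8 BOM, parses the stanzas with a small hand-written parser (an assumption: the real MIT/JDK parsers accept more syntax than this), flags a section name neither MIT krb5 nor the JDK documents, warns when the only permitted enctype is RC4, and checks a `java` command line for `-D` options placed after `-jar`, which are handed to the application as arguments instead of being set as system properties. The sample config bytes and command line are constructed for this example; the hostnames and realm are the placeholder values from the question.

```python
"""Pre-flight checks for a JavaKerberos 'Cannot locate default realm' failure.
Added example; not code from the original question, answer or driver."""
import shlex
from typing import Dict, List, Tuple

UTF8_BOM = b"\xef\xbb\xbf"

# Section names documented for krb5.conf (MIT krb5 manual). Anything else
# is almost certainly a typo or a misplaced setting.
KNOWN_SECTIONS = {
    "libdefaults", "realms", "domain_realm", "capaths", "appdefaults",
    "logging", "plugins", "kdcdefaults", "dbmodules",
}


def strip_bom(data: bytes) -> Tuple[bytes, bool]:
    """Return (bytes without a leading UTF-8 BOM, whether one was present)."""
    if data.startswith(UTF8_BOM):
        return data[len(UTF8_BOM):], True
    return data, False


def parse_krb5_conf(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal krb5.conf parser: '[section]' headers, 'key = value' lines and
    one level of 'NAME = { ... }' blocks (used under [realms]).
    A line that does not start with '[' is never treated as a header, which is
    exactly what a BOM in front of '[libdefaults]' triggers."""
    sections: Dict[str, Dict[str, object]] = {}
    current = None   # name of the section being filled
    block = None     # name of an open 'NAME = {' block inside the section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            block = None
            continue
        if current is None:          # content before the first recognised header
            continue
        if line.endswith("{"):
            block = line[:-1].split("=", 1)[0].strip()
            sections[current][block] = {}
            continue
        if line == "}":
            block = None
            continue
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            target = sections[current][block] if block else sections[current]
            target[key] = value
    return sections


def check_krb5_conf(data: bytes) -> List[str]:
    """Return human-readable findings that would explain a missing default realm."""
    findings: List[str] = []
    if data.startswith(UTF8_BOM):
        findings.append("UTF-8 BOM before [libdefaults]: the first line starts with "
                        "U+FEFF, not '[', so the section header is not recognised")
    body, _ = strip_bom(data)
    conf = parse_krb5_conf(body.decode("utf-8"))
    for name in conf:
        if name not in KNOWN_SECTIONS:
            findings.append(f"unknown section [{name}]; realm mappings belong in [domain_realm]")
    libdefaults = conf.get("libdefaults", {})
    realm = libdefaults.get("default_realm")
    if realm is None:
        findings.append("no default_realm under [libdefaults]")
    else:
        if realm != realm.upper():
            findings.append(f"default_realm {realm} is not upper case; realm names are case-sensitive")
        if realm not in conf.get("realms", {}) and libdefaults.get("dns_lookup_kdc") != "true":
            findings.append(f"no [realms] entry for {realm} and dns_lookup_kdc is not true")
    for key in ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes"):
        value = str(libdefaults.get(key, ""))
        if value and all(e.startswith(("rc4", "arcfour")) for e in value.split()):
            findings.append(f"{key} allows only RC4; RC4 is deprecated for Kerberos (RFC 8429), "
                            "prefer aes256-cts-hmac-sha1-96 if the KDC supports it")
    return findings


def check_java_cmdline(cmd: str) -> List[str]:
    """Flag -D options that follow '-jar <file>': the JVM stops parsing its own
    options at the jar name and passes the rest to the application's main()."""
    argv = shlex.split(cmd)
    if "-jar" not in argv:
        return []
    jar_index = argv.index("-jar")
    return [f"{arg} comes after -jar and is passed to the application, not the JVM"
            for arg in argv[jar_index + 2:] if arg.startswith("-D")]


# Constructed sample: a BOM-prefixed krb5.conf with a misnamed section,
# and a command line with the -D flags on the wrong side of -jar.
SAMPLE_CONF = UTF8_BOM + b"""[libdefaults]
default_realm = US.TEST.COM
dns_lookup_kdc = true
permitted_enctypes = rc4-hmac

[realms]
US.TEST.COM = {
kdc = crldap1.us.test.com
}

[default_realm]
 .us.test.com = US.TEST.COM
"""
SAMPLE_CMD = "java -jar app.jar -Djava.security.krb5.conf=/opt/krb5.conf"

if __name__ == "__main__":
    for finding in check_krb5_conf(SAMPLE_CONF) + check_java_cmdline(SAMPLE_CMD):
        print("-", finding)
```

On a real container, replace `SAMPLE_CONF` with `open("/opt/krb5.conf", "rb").read()`; reading as bytes rather than text is what makes the BOM visible, since most editors and `cat` hide it. If the only finding is the BOM, rewriting the file from `strip_bom(...)[0]` is the fix the answer describes.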
