Ivan Fomkin

How to connect to Postgres from Spring Boot using GSS API?

I'm trying to use the GSS API to authenticate to PostgreSQL from Spring Boot.

I'm using a virtual machine running Postgres (it is in my domain). From Windows I can connect to Postgres with the psql tool using my Windows account, but I can't connect to Postgres from Spring on my Windows machine. My application.properties:

# No user name or password is configured here.
# NOTE(review): presumably the PostgreSQL JDBC driver falls back to the OS user name as the database role - confirm.
# The driver only performs GSSAPI when the server requests it; its JAAS entry name defaults to "pgjdbc"
# (connection parameter jaasApplicationName).
# NOTE(review): the host name in this URL is presumably used to build the server's service principal,
# so it should be the name the server's principal was registered under - confirm.
spring.datasource.url=jdbc:postgresql://ubuntupostgre.mydomain.local:5432/postgres

My Java class:

package com.example.jdbckerberos;


import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.CommandLineRunner;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Component;

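/**
 * Startup smoke test: sets the JVM's Kerberos/JAAS system properties and then runs
 * {@code SELECT 1} through the injected {@link JdbcTemplate}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>All five settings are JVM-wide system properties, so they apply to every Kerberos/JAAS
 *       login in this process, not only to the PostgreSQL connection.</li>
 *   <li>{@code javax.security.auth.useSubjectCredsOnly=false} allows the GSS layer to obtain
 *       credentials outside the caller's {@code Subject}, i.e. through the JAAS login
 *       configuration referenced below.</li>
 *   <li>The JAAS file shown with this question points at a keytab, which is a long-term
 *       credential; the keytab and both config files should be readable only by the account
 *       that runs this application.</li>
 * </ul>
 */
@Slf4j
@Component
@RequiredArgsConstructor
public class DatabaseTester implements CommandLineRunner {

    /** Injected by Spring through the Lombok-generated constructor. */
    private final JdbcTemplate jdbcTemplate;

    /**
     * Configures Kerberos/JAAS, executes the probe query and logs its result.
     *
     * @param args command-line arguments passed by Spring Boot; not used
     * @throws Exception declared by {@link CommandLineRunner#run}; failures of the query
     *     propagate to the caller
     */
    @Override
    public void run(String... args) throws Exception {

        // NOTE(review): these properties are set only once the runner executes. They take effect
        // only if no connection was opened earlier during startup - confirm, or pass them as -D
        // JVM options at launch instead of hard-coding machine-specific paths here.
        System.setProperty("java.security.krb5.conf", "C:\\dev\\experiments\\jdbc-kerberos\\krb5.conf");
        // NOTE(review): realm and KDC are given both here and in krb5.conf; presumably these
        // explicit properties take precedence over the file - confirm which source is intended.
        System.setProperty("java.security.krb5.realm", "MYDOMAIN.LOCAL");
        System.setProperty("java.security.krb5.kdc", "192.168.11.19");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        System.setProperty("java.security.auth.login.config", "C:\\dev\\experiments\\jdbc-kerberos\\jaas.conf");

        String sql = "SELECT 1";
        Integer result = jdbcTemplate.queryForObject(sql, Integer.class);
        // Parameterized logging instead of string concatenation: the message is only formatted
        // when INFO is enabled, and the value is never spliced into the format string.
        log.info("Connection successful. Result: {}", result);
    }
}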

my jaas.conf:

// JAAS login entry. "pgjdbc" is the entry name the PostgreSQL JDBC driver looks up by default.
pgjdbc {
com.sun.security.auth.module.Krb5LoginModule required
// Re-read krb5.conf on every login instead of reusing a cached copy.
refreshKrb5Config=true
// NOTE(review): this path mixes doubled backslashes with a single one (before "experiments").
// Presumably the single backslash is consumed as an escape character, so the path may not
// resolve to the keytab - confirm, and use doubled backslashes or forward slashes throughout.
// The keytab holds long-term keys for the principal: restrict its file permissions to the
// account that runs the application and keep it out of source control.
keyTab="C:\\dev\experiments\\jdbc-kerberos\\krb5.keytab"
// With doNotPrompt=true the module cannot fall back to asking for a password, so the ticket
// cache or the keytab must supply the credentials or the login fails.
doNotPrompt=true
useTicketCache=true
renewTGT=true
useKeyTab=true
// Debug output from the login module goes to the console; useful while troubleshooting,
// switch it off afterwards.
debug=true
// NOTE(review): "client" is not among the options the JDK documents for Krb5LoginModule
// (the documented one is isInitiator); presumably it is ignored - confirm.
client=true
// The value below was masked by the page's e-mail obfuscation; the real entry is the client
// principal in the form <user>@<REALM> (placeholder).
principal="[email protected]";
};

my krb5.conf:

# Kerberos client configuration for realm MYDOMAIN.LOCAL.
# allow_weak_crypto = true re-enables encryption types that Kerberos implementations treat as
# weak. Leave it off unless the KDC really has only weak keys for the principals involved, and
# prefer AES encryption types.
# forwardable = true requests forwardable tickets.
# NOTE(review): delegation is not needed just to authenticate to the database - confirm it is intended.
# NOTE(review): kdc_timesync and ccache_type look like MIT-library settings; presumably the JDK's
# Kerberos implementation does not use them - confirm.
# dns_lookup_kdc = true is set although the KDCs are also listed explicitly under [realms].
[libdefaults]
        default_realm = MYDOMAIN.LOCAL
        allow_weak_crypto = true
        dns_lookup_realm = false
        dns_lookup_kdc = true
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
[realms]
        MYDOMAIN.LOCAL = {
                kdc = 192.168.11.19
                kdc = 192.168.12.19
                admin_server = 192.168.11.19
        }
# Maps DNS names to the realm: the leading-dot entry covers hosts inside the domain, the bare
# entry covers a host whose name is exactly the domain name.
[domain_realm]
        .mydomain.local = MYDOMAIN.LOCAL
        mydomain.local = MYDOMAIN.LOCAL

When I run my app on the Windows machine, I get this error in the console:

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

    at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:880) ~[jdk.security.auth:na]
    at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:743) ~[jdk.security.auth:na]
    at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:597) ~[jdk.security.auth:na]
    at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:734) ~[na:na]
    at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:672) ~[na:na]
    at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:670) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) ~[na:na]
    at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:670) ~[na:na]
    at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:580) ~[na:na]
    at org.postgresql.gss.MakeGSS.authenticate(MakeGSS.java:147) ~[postgresql-42.6.0.jar:42.6.0]
    ... 31 common frames omitted

In the Postgres log I found:

2023-06-30 07:51:21.218 UTC [3225359] ivan.fomkin@postgres FATAL: GSSAPI authentication failed for user "ivan.fomkin"
2023-06-30 07:51:21.218 UTC [3225359] ivan.fomkin@postgres DETAIL: Connection matched pg_hba.conf line 105: "host all all 0.0.0.0/0 gss include_realm=1 krb_realm=MYDOMAIN.LOCAL map=gssmap"

When I run it on my virtual Ubuntu machine (the one with Postgres) as my domain user (ivan.fomkin), I get this error:

Caused by: org.postgresql.util.PSQLException: The server requested SCRAM-based authentication, but no password was provided.

My Java class for Ubuntu:

package com.example.jdbckerberos;


import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.CommandLineRunner;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Component;

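/**
 * Startup smoke test (Linux variant): sets the JVM's Kerberos/JAAS system properties and then
 * runs {@code SELECT 1} through the injected {@link JdbcTemplate}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The settings are JVM-wide system properties and therefore affect every Kerberos/JAAS
 *       login in this process.</li>
 *   <li>These properties only matter if the server actually requests GSSAPI. PostgreSQL uses the
 *       first {@code pg_hba.conf} rule that matches the client address, so a rule with another
 *       method (for example {@code scram-sha-256} for a loopback address) that matches first
 *       makes the server ask for a password and the Kerberos setup is never used.</li>
 *   <li>The JAAS file and the keytab it names live in a home directory; both should be readable
 *       only by the account that runs this application.</li>
 * </ul>
 */
@Slf4j
@Component
@RequiredArgsConstructor
public class DatabaseTester implements CommandLineRunner {

    /** Injected by Spring through the Lombok-generated constructor. */
    private final JdbcTemplate jdbcTemplate;

    /**
     * Configures Kerberos/JAAS, executes the probe query and logs its result.
     *
     * @param args command-line arguments passed by Spring Boot; not used
     * @throws Exception declared by {@link CommandLineRunner#run}; failures of the query
     *     propagate to the caller
     */
    @Override
    public void run(String... args) throws Exception {

        // NOTE(review): these properties are set only once the runner executes. They take effect
        // only if no connection was opened earlier during startup - confirm, or pass them as -D
        // JVM options at launch instead of hard-coding paths here.
        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
        // NOTE(review): realm and KDC are given both here and in krb5.conf; presumably these
        // explicit properties take precedence over the file - confirm which source is intended.
        System.setProperty("java.security.krb5.realm", "MYDOMAIN.LOCAL");
        System.setProperty("java.security.krb5.kdc", "192.168.11.19");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        System.setProperty("java.security.auth.login.config", "/home/i_fomkin/jaas.conf");

        String sql = "SELECT 1";
        Integer result = jdbcTemplate.queryForObject(sql, Integer.class);
        // Parameterized logging instead of string concatenation: the message is only formatted
        // when INFO is enabled, and the value is never spliced into the format string.
        log.info("Connection successful. Result: {}", result);
    }
}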

and my jaas.conf for Ubuntu:

// JAAS login entry. "pgjdbc" is the entry name the PostgreSQL JDBC driver looks up by default.
pgjdbc {
com.sun.security.auth.module.Krb5LoginModule required
// Re-read krb5.conf on every login instead of reusing a cached copy.
refreshKrb5Config=true
// The keytab holds long-term keys for the principal: keep it readable only by the account that
// runs the application (owner-only permissions) and out of source control.
keyTab="/home/i_fomkin/krb5.keytab"
// With doNotPrompt=true the module cannot fall back to asking for a password, so the ticket
// cache or the keytab must supply the credentials or the login fails.
doNotPrompt=true
useTicketCache=true
renewTGT=true
useKeyTab=true
// Debug output from the login module goes to the console; useful while troubleshooting,
// switch it off afterwards.
debug=true
// NOTE(review): "client" is not among the options the JDK documents for Krb5LoginModule
// (the documented one is isInitiator); presumably it is ignored - confirm.
client=true
// The value below was masked by the page's e-mail obfuscation; the real entry is the client
// principal in the form <user>@<REALM> (placeholder).
principal="[email protected]";
};

In the Postgres log I found this:


2023-06-30 08:02:56.821 UTC [3229566] ivan.fomkin@postgres FATAL:  password authentication failed for user "ivan.fomkin"
2023-06-30 08:02:56.821 UTC [3229566] ivan.fomkin@postgres DETAIL:  User "ivan.fomkin" has no password assigned.
        Connection matched pg_hba.conf line 97: "host    all             all             127.0.0.1/32            scram-sha-256"

I tried to get a Kerberos ticket for user ivan.fomkin using kinit, but that did not work in my case. Any ideas how to connect to Postgres from Spring Boot using the GSS API?
