GSS JAAS can't read keystore/tab
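I am trying to connect to a database using Kerberos, and everything works except for two problems. First, when I execute my code, I am asked to enter my password twice instead of once. Then my query is sent to my database and the results are returned.
The above issue stems from what I believe is the root cause, or the second problem I have, which is that my JDK is unable to read the keytab.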
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    useTicketCache=true
    principal="principal@REALM"
    useDefaultCcache=true;
};
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    ticketCache=true
    storeKey=true;
};
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Cluster created with settings {hosts=[realm:27017], mode=MULTIPLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server realm:27017 to client view of cluster
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=MULTIPLE, all=[ServerDescription{address=realm:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
Kerberos password for principal@REALM: ******
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:1, serverValue:1001}] to realm:27017
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Monitor thread successfully connected to server with description ServerDescription{address=realm:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 5]}, minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, roundTripTimeNanos=128643970}
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Discovered cluster type of STANDALONE
Kerberos password for principal@REALM: ******
Apr 22, 2016 2:27:57 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:2, serverValue:1002}] to realm:27017
****output from mongo****
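I know I haven't disabled keyboard input, but that's because, as you can see from the output above, I am unable to read the keytab or the cache.
Both the server and the client have matching krb5.conf files, and I am able to kinit, ktadd, and klist all the expected principals with the correct enc types.
I even did a chmod 777 on the keytab, just to make sure it wasn't a permissions issue.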
It was a permissions issue: I couldn't read the cache file under /tmp.
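The resolution above, written as a pre-flight check to run as the same OS user that starts the JVM (an added example, not part of the original post). It assumes a file-based ticket cache located through KRB5CCNAME or the /tmp/krb5cc_<uid> default, treats owner-only access as the expected mode for both files (so a keytab left at 777 is flagged), and uses a hypothetical KEYTAB variable for the keytab path.

```shell
#!/bin/sh
# Added example: check the files Krb5LoginModule needs before starting the JVM.
# Assumptions: file-based ccache; KEYTAB is a hypothetical variable for this
# script; owner-only access is the policy being enforced.

# Print the ticket cache path: KRB5CCNAME (optional FILE: prefix) or the
# /tmp/krb5cc_<uid> default. Fails for non-file types (KEYRING:, DIR:, ...).
ccache_path() {
    cc="${KRB5CCNAME:-FILE:/tmp/krb5cc_$(id -u)}"
    case "$cc" in
        FILE:*) printf '%s\n' "${cc#FILE:}" ;;
        *:*)    return 1 ;;
        *)      printf '%s\n' "$cc" ;;
    esac
}

# Return 0 = usable, 1 = missing, 2 = unreadable or owned by another uid,
# 3 = readable but open to group/others (credential exposure).
check_krb_file() {
    f="$1"
    [ -e "$f" ] || { echo "MISSING: $f"; return 1; }
    line=$(ls -ldn "$f")
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ ! -r "$f" ] || [ "$owner" != "$(id -u)" ]; then
        # Typical cause: kinit was run as a different user (e.g. via sudo).
        echo "NOT USABLE by uid $(id -u): $line"
        return 2
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(printf '%s\n' "$line" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "TOO OPEN (chmod 600 expected): $line"
        return 3
    fi
    echo "OK: $f"
}

# Stand-alone run: report on the ccache and, if set, the keytab.
if cc_file=$(ccache_path); then
    check_krb_file "$cc_file" || true
else
    echo "non-file credential cache, not checked: ${KRB5CCNAME:-}"
fi
if [ -n "${KEYTAB:-}" ]; then
    check_krb_file "$KEYTAB" || true
fi
```

A result of 2 on the cache file matches the cause reported above; a result of 3 on the keytab is what the chmod 777 would produce.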