Thread: JDBC and GSSAPI/Krb5 with uDig
View Single Post

   
  #1 (permalink)  
Old 05-07-2008, 11:18 AM
Stephen Frost
 
Posts: n/a
Default JDBC and GSSAPI/Krb5 with uDig
Greetings,

uDig uses JDBC (it actually ships with 8.1-403, technically). I have
users who want to use uDig. We use Kerberos for all of our
authentication. I saw that back at the end of January Kris built a
GSS-enabled version of JDBC and put it up here:

http://ejurka.com/pgsql/jars/gss/

I replaced the 8.1-403 JDBC w/ that one and then followed the
additional instructions here:

http://archives.postgresql.org/pgsql...1/msg00154.php

Regarding creating a login.conf, etc. I've gotten it to the point
where I can use GSSAPI (requires an 8.3 server, but that's not a huge
problem) to authenticate from uDig if I provide both a username and a
password to uDig. Obviously, that's less than ideal. This is on a
Debian system w/ MIT Kerberos and psql and buddies all work fine using
the existing ticket cache. Is there something special to get JDBC to
use the ticket cache in the KRB5CCNAME environment variable?

Anyone know how this is going to work on a Windows platform?

I believe the code involved from uDig is this:
http://svn.geotools.org/udig/trunk/p...izardPage.java

Is it possible that 'setLogin' is forcing it to try and get a new
ticket by providing a password? I couldn't find 'MyGSSTest' in the
above thread to look at and compare, unfortunately. A working example
would be nice, if available.

Thanks,

Stephen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIIGSwrzgMPqB3kigRAuKCAJwP/Rl40EYXJ6xxjo1vmMv8lpUaYQCgmupS
paf0osuYM2PmWloknqUZM1Y=
=6aQR
-----END PGP SIGNATURE-----

Reply With Quote