Teradata Kerberos connection

Database
The Teradata Database channel includes discussions around advanced Teradata features such as high-performance parallel database technology, the optimizer, mixed workload management solutions, and other related technologies.

Teradata Kerberos connection

Hi,

 

I'm trying to connect to my Teradata Database from Teradata Expess Studio using KRB5 as authentication mecahnism.

And the error I receive is:

java.sql.SQLException: [Teradata JDBC Driver] [TeraJDBC 16.20.00.06] [Error 1014] [SQLState HY000] TeraEncrypt: Error tdgss-stack-trace-begin>>> GSSException: Failure unspecified at GSS-API level (Mechanism level: [GSSP2GSS_ERR_INVALID_INPUT] Error while checking an input parameter.)
at com.teradata.tdgss.jgssp2gss.GssLogin.login(Unknown Source)
at com.teradata.tdgss.jgssp2gss.GssCredential.login(Unknown Source)
at com.teradata.tdgss.jgssp2gss.SspiMechanism.getContextForInit(Unknown Source)
at com.teradata.tdgss.jtdgss.TdgssContext.initSecContext(Unknown Source)
at com.teradata.jdbc.jdbc.GenericTeraEncrypt.initSecContext(GenericTeraEncrypt.java:397)
at com.teradata.jdbc.jdbc.GenericLogonController.run(GenericLogonController.java:295)
at com.teradata.jdbc.jdbc_4.TDSession.<init>(TDSession.java:211)
at com.teradata.jdbc.jdk6.JDK6_SQL_Connection.<init>(JDK6_SQL_Connection.java:36)
at com.teradata.jdbc.jdk6.JDK6ConnectionFactory.constructSQLConnection(JDK6ConnectionFactory.java:25)
at com.teradata.jdbc.jdbc.ConnectionFactory.createConnection(ConnectionFactory.java:181)
at com.teradata.jdbc.jdbc.ConnectionFactory.createConnection(ConnectionFactory.java:171)
at com.teradata.jdbc.TeraDriver.doConnect(TeraDriver.java:236)
at com.teradata.jdbc.TeraDriver.connect(TeraDriver.java:162)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataJDBCConnection.makeConnection(TeradataJDBCConnection.java:282)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataJDBCConnection.createConnection(TeradataJDBCConnection.java:124)
at org.eclipse.datatools.connectivity.DriverConnectionBase.internalCreateConnection(DriverConnectionBase.java:105)
at org.eclipse.datatools.connectivity.DriverConnectionBase.open(DriverConnectionBase.java:54)
at org.eclipse.datatools.connectivity.drivers.jdbc.JDBCConnection.open(JDBCConnection.java:96)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataPingFactory.createConnection(TeradataPingFactory.java:36)
at org.eclipse.datatools.connectivity.internal.ConnectionFactoryProvider.createConnection(ConnectionFactoryProvider.java:83)
at org.eclipse.datatools.connectivity.internal.ConnectionProfile.createConnection(ConnectionProfile.java:359)
at org.eclipse.datatools.connectivity.ui.PingJob.createTestConnection(PingJob.java:76)
at org.eclipse.datatools.connectivity.ui.PingJob.run(PingJob.java:59)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: java.lang.ClassCastException: java.util.Vector cannot be cast to java.util.Hashtable
at sun.security.krb5.Config.get0(Unknown Source)
at sun.security.krb5.Config.getString0(Unknown Source)
at sun.security.krb5.Config.getAll(Unknown Source)
at sun.security.krb5.Config.getKDCList(Unknown Source)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KdcComm.send(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.send(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.action(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at com.teradata.tdgss.jgssp2gss.GssLogin.login(Unknown Source)
at com.teradata.tdgss.jgssp2gss.GssCredential.login(Unknown Source)
at com.teradata.tdgss.jgssp2gss.SspiMechanism.getContextForInit(Unknown Source)
at com.teradata.tdgss.jtdgss.TdgssContext.initSecContext(Unknown Source)
at com.teradata.jdbc.jdbc.GenericTeraEncrypt.initSecContext(GenericTeraEncrypt.java:397)
at com.teradata.jdbc.jdbc.GenericLogonController.run(GenericLogonController.java:295)
at com.teradata.jdbc.jdbc_4.TDSession.<init>(TDSession.java:211)
at com.teradata.jdbc.jdk6.JDK6_SQL_Connection.<init>(JDK6_SQL_Connection.java:36)
at com.teradata.jdbc.jdk6.JDK6ConnectionFactory.constructSQLConnection(JDK6ConnectionFactory.java:25)
at com.teradata.jdbc.jdbc.ConnectionFactory.createConnection(ConnectionFactory.java:181)
at com.teradata.jdbc.jdbc.ConnectionFactory.createConnection(ConnectionFactory.java:171)
at com.teradata.jdbc.TeraDriver.doConnect(TeraDriver.java:236)
at com.teradata.jdbc.TeraDriver.connect(TeraDriver.java:162)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataJDBCConnection.makeConnection(TeradataJDBCConnection.java:282)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataJDBCConnection.createConnection(TeradataJDBCConnection.java:124)
at org.eclipse.datatools.connectivity.DriverConnectionBase.internalCreateConnection(DriverConnectionBase.java:105)
at org.eclipse.datatools.connectivity.DriverConnectionBase.open(DriverConnectionBase.java:54)
at org.eclipse.datatools.connectivity.drivers.jdbc.JDBCConnection.open(JDBCConnection.java:96)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataPingFactory.createConnection(TeradataPingFactory.java:36)
at org.eclipse.datatools.connectivity.internal.ConnectionFactoryProvider.createConnection(ConnectionFactoryProvider.java:83)
at org.eclipse.datatools.connectivity.internal.ConnectionProfile.createConnection(ConnectionProfile.java:359)
at org.eclipse.datatools.connectivity.ui.PingJob.createTestConnection(PingJob.java:76)
at org.eclipse.datatools.connectivity.ui.PingJob.run(PingJob.java:59)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: java.lang.ClassCastException: java.util.Vector cannot be cast to java.util.Hashtable
... 45 more

at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at com.teradata.tdgss.jgssp2gss.GssLogin.login(Unknown Source)
... 23 more
<<<end-tdgss-stack-trace
at com.teradata.jdbc.jdbc_4.util.ErrorFactory.makeDriverJDBCException(ErrorFactory.java:95)
at com.teradata.jdbc.jdbc_4.util.ErrorFactory.makeDriverJDBCException(ErrorFactory.java:70)
at com.teradata.jdbc.jdbc.GenericTeraEncrypt.transformException(GenericTeraEncrypt.java:107)
at com.teradata.jdbc.jdbc.GenericTeraEncrypt.initSecContext(GenericTeraEncrypt.java:400)
at com.teradata.jdbc.jdbc.GenericLogonController.run(GenericLogonController.java:295)
at com.teradata.jdbc.jdbc_4.TDSession.<init>(TDSession.java:211)
at com.teradata.jdbc.jdk6.JDK6_SQL_Connection.<init>(JDK6_SQL_Connection.java:36)
at com.teradata.jdbc.jdk6.JDK6ConnectionFactory.constructSQLConnection(JDK6ConnectionFactory.java:25)
at com.teradata.jdbc.jdbc.ConnectionFactory.createConnection(ConnectionFactory.java:181)
at com.teradata.jdbc.jdbc.ConnectionFactory.createConnection(ConnectionFactory.java:171)
at com.teradata.jdbc.TeraDriver.doConnect(TeraDriver.java:236)
at com.teradata.jdbc.TeraDriver.connect(TeraDriver.java:162)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataJDBCConnection.makeConnection(TeradataJDBCConnection.java:282)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataJDBCConnection.createConnection(TeradataJDBCConnection.java:124)
at org.eclipse.datatools.connectivity.DriverConnectionBase.internalCreateConnection(DriverConnectionBase.java:105)
at org.eclipse.datatools.connectivity.DriverConnectionBase.open(DriverConnectionBase.java:54)
at org.eclipse.datatools.connectivity.drivers.jdbc.JDBCConnection.open(JDBCConnection.java:96)
at com.teradata.datatools.dtp.connectivity.db.teradata.TeradataPingFactory.createConnection(TeradataPingFactory.java:36)
at org.eclipse.datatools.connectivity.internal.ConnectionFactoryProvider.createConnection(ConnectionFactoryProvider.java:83)
at org.eclipse.datatools.connectivity.internal.ConnectionProfile.createConnection(ConnectionProfile.java:359)
at org.eclipse.datatools.connectivity.ui.PingJob.createTestConnection(PingJob.java:76)
at org.eclipse.datatools.connectivity.ui.PingJob.run(PingJob.java:59)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)

 

 

Can you please assist?

 

Thanks in advance,

Veronica

 

Tags (2)
4 REPLIES
Highlighted
Teradata Employee

Re: Teradata Kerberos connection

I found a post that reported the same exception that you encountered:

https://sourceforge.net/p/spnego/discussion/1003769/thread/ceda9998/

 

In that post, the person reported that the problem was due to the formatting of their krb5.conf file. They said that JDK 8 did not accept multiple parameters on the same line in the krb5.conf file, and instead required parameters to be specified on separate lines.

Re: Teradata Kerberos connection

Hi,

 

Thanks for the answer.

 

I've tried and still receive same error.

 

Here is content of my krb5.ini file:

[libdefaults]
default_realm = DEVDOMAIN.EXAMPLE.COM
clockskew = 300

[realms]
DEVDOMAIN.EXAMPLE.COM = {
kdc = WIN07R3Domain.DEVDOMAIN.EXAMPLE.COM
}

[domain_realm]
.devdomain.example.com = DEVDOMAIN.EXAMPLE.COM
.devdomain.example.com = DEVDOMAIN.EXAMPLE.COM

[logging]
kdc = FILE:/tmp/krb5kdc.log

[appdefaults]
pam = {
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
proxiable = true
retain_after_close = false
minimum_uid = 0
try_first_pass = true
}

Enthusiast

Re: Teradata Kerberos connection

Please send me the error details to my mail id..I wil help you .vasudba85@gmail.com

Teradata Employee

Re: Teradata Kerberos connection

Hi Veronica,

 

Can you check if the below arguments were added in your TeradataStudioExpress.ini :

-Djavax.security.auth.useSubjectCredsOnly=false
-Dsun.security.krb5.debug=true

-Djava.security.krb5.conf=<path to your krb5.ini>

 

If the above lines were not added, add them to the TeradataStudioExpress ini file. Also, make sure that you do not provide values under username/password fields while creating kerberos connection profile.

 

If the above changes doesn't bring any effect, please let us know the version of StudioExpress you are using, any other jdbc properties you set while connecting.