Kerberos on linux

Connectivity
Connectivity covers the mechanisms for connecting to the Teradata Database, including driver connectivity via JDBC or ODBC.
Highlighted
Enthusiast

Kerberos on linux

Hello,

 

I'm not sure if this is the right place to post my question... forgive me for cross posting eventually :-/

 

On a linux system I'm trying to implement the SSO via Kerberos to connect to a Teradata database.

 

To test it and to configure it I'm using a simple java test program that try to open a connection and then exit.

 

So the java command line include :

 

-Djava.security.auth.login.config=$HOME/teraJDBC.config
-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.krb5.conf=/etc/krb5.conf TDA_JBDC_Info

 

and the connection string is "jdbc:teradata://<hostname>/LOGMECH=KRB5,TMODE=ANSI,CHARSET=UTF8"

 

When I try I get the following error :

 

*** SQLException caught ***
Error code: 1014
SQL State: HY000
Message: [Teradata JDBC Driver] [TeraJDBC 15.10.00.05] [Error 1014] [SQLState HY000] TeraEncrypt: Error tdgss-stack-trace-begin>>> javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)

 

A collegue that have kerberos competence told me that is well configured

On windows everytingh works fine, the same java program estabilsh the connection via SSO.

Why on linux I get the error?!

 

The JDBC Driver version is 15.10.00.05 

with Java 1.5

 

thank you, ciao

GIovanni


Accepted Solutions
Teradata Employee

Re: Kerberos on linux

This is almost certainly a configuration issue. I would suggest you use the Kerberos command-line utilities (e.g. kinit, klist) to debug.

Some common issues:

Your realm names should be all UPPERCASE.

Hostnames / FQDNs / Kerberos SPNs are case-sensitive

1 ACCEPTED SOLUTION
2 REPLIES
Teradata Employee

Re: Kerberos on linux

This is almost certainly a configuration issue. I would suggest you use the Kerberos command-line utilities (e.g. kinit, klist) to debug.

Some common issues:

Your realm names should be all UPPERCASE.

Hostnames / FQDNs / Kerberos SPNs are case-sensitive

Enthusiast

Re: Kerberos on linux

thank you Fred,

 

doing deep debug of kerberos we have discovered that this specific error is due to a wrong JVM version.

Using java version 1.7.0_181 everytingh work fine as expected.

 

ciao

GIovanni