GSS JAAS 无法读取密钥库/选项卡
Posted
技术标签:
【中文标题】GSS JAAS 无法读取密钥库/选项卡【英文标题】:GSS JAAS can't read keystore/tab 【发布时间】:2016-04-22 19:35:38 【问题描述】:我正在尝试使用 Kerberos 连接到数据库,除了两个问题外,一切正常。首先,当我执行我的代码时,我被要求两次输入我的密码,不是一次而是两次。然后我的查询被发送到我的数据库并返回结果。
上述问题源于我认为的根本原因,或者我遇到的第二个问题是,我的 JDK 无法读取密钥表。
com.sun.security.jgss.initiate
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=true
principal="principal@REALM"
useDefaultCcache=true
;
com.sun.security.jgss.accept
com.sun.security.auth.module.Krb5LoginModule required
ticketCache=true
storeKey=true;
;
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Cluster created with settings hosts=[realm:27017], mode=MULTIPLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server realm:27017 to client view of cluster
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: No server chosen by ReadPreferenceServerSelectorreadPreference=primary from cluster description ClusterDescriptiontype=UNKNOWN, connectionMode=MULTIPLE, all=[ServerDescriptionaddress=realm:27017, type=UNKNOWN, state=CONNECTING]. Waiting for 30000 ms before timing out
Kerberos password for principal@REALM: ******
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionIdlocalValue:1, serverValue:1001] to realm:27017
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Monitor thread successfully connected to server with description ServerDescriptionaddress=realm:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersionversionList=[3, 2, 5], minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, roundTripTimeNanos=128643970
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Discovered cluster type of STANDALONE
Kerberos password for principal@REALM: ******
Apr 22, 2016 2:27:57 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionIdlocalValue:2, serverValue:1002] to realm:27017
****output from mongo****
我知道我没有禁用键盘输入,但这是因为正如您从上面的输出中看到的那样,我无法读取 keytab 或缓存。
服务器和客户端都有匹配的 krb5.conf,我可以 kinit、ktadd、klist 所有期望具有正确 enc 类型的主体。
我什至对 keytab 进行了 chmod 777 以确保这不是权限问题。
【问题讨论】:
【参考方案1】:这是权限问题,我无法读取 /tmp 下的缓存文件
【讨论】:
以上是关于GSS JAAS 无法读取密钥库/选项卡的主要内容,如果未能解决你的问题,请参考以下文章