Microsoft JDBC driver URL with Kerberos authentication and ServerSpn

1
votes

I have MS SQL setup with default instance in Windows authentication mode. Also I have Kerberos implemented with ServerSpn as MSSQlSvc.

I am trying to access the SQL Server remotely from my Java client on a Windows OS.

The Java client is executed with following JVM Paramters: 

-Djava.security.auth.login.config=path_to_file/client.conf
-Djava.security.krb5.conf=path_to_file/krb5.ini

The URL I am using looks like follows: 

jdbc:sqlserver://MSSQLSvc/FQDN_OF_SQL_Server:PORT;integratedSecurity=true;authenticationScheme=JavaKerberos

But I am getting the following error:

com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host MSSQLSvc/FQDN_OF_SQL_Server, port 1433 has failed. Error: "null. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.". at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:191) at com.microsoft.sqlserver.jdbc.SQLServerException.ConvertConnectExceptionToSQLServerException(SQLServerException.java:242) at com.microsoft.sqlserver.jdbc.SocketFinder.findSocket(IOBuffer.java:2293) at com.microsoft.sqlserver.jdbc.TDSChannel.open(IOBuffer.java:506) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1523) at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1204) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1040) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:554) at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1019) at java.sql.DriverManager.getConnection(Unknown Source) at java.sql.DriverManager.getConnection(Unknown Source) at microsoftJdbcDriver.getConnection(microsoftJdbcDriver.java:32) at microsoftJdbcDriver.displayDbProperties(microsoftJdbcDriver.java:51) at microsoftJdbcDriver.main(microsoftJdbcDriver.java:93)

The client.conf file: 

SQLJDBCDriver {    
com.sun.security.auth.module.Krb5LoginModule required    
useTicketCache=true      
doNotPrompt=true 
};

The kb5.ini: 

[libdefaults]
        default_realm = MYDOMAIN.COM
        clockskew = 300

[realms]
        MYDOMAIN.COM = {
                kdc = MYDOMAIN.COM
                admin_server = MYDOMAIN.COM
}


[domain_realm]
        .domain.com = MYDOMAIN.COM
        domain.com> = <MYDOMAIN.COM



[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true'

Also note:

  1. The firewall is not an issue the same thing works well with native authentication, using sql_auth.dll.
  2. The SQL Management Studio can also access the instance
1
javasql-serverjdbckerberos
Since you are on Windows, why don't you use SSPI implemenation with the DLL. It should be easier.Michael-O
I am looking a solution which will work for non-windows as a client as well. with little modifications. Going iterative. windows to windows - native authentication works, now trying kerberos windows to windows, then linux to windows.Nida Sahar

1 Answers

1
votes

My URL was incorrect. Surprisingly some trial and error worked: 

"jdbc:sqlserver://HOST_NAME:1433;ServerSpn=MSSQLSvc/FQDN_OF_THE_HOST:1433@REALM_NAME_IN_CAPS;integratedSecurity=true;authenticationScheme=JavaKerberos;EncryptionMethod=ssl"