红帽全球峰会此内容没有您所选择的语言版本。
8.4. Kerberos Support: JDBC Client Configuration
Procedure 8.3. Setup Kerberos for JDBC Client
Set JAAS configuration
In the client VM the JAAS configuration for kerberos authentication needs to be written. Here is sample configuration file (client.conf):Copy to Clipboard Copied! Toggle word wrap Toggle overflow Set JVM configuration
Add the following JVM options to your client's startup script. Changerealmandkdcsettings according to your environment:-Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=kerberos.example.com -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=false -Djava.security.auth.login.config=/path/to/client.conf
-Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=kerberos.example.com -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=false -Djava.security.auth.login.config=/path/to/client.confCopy to Clipboard Copied! Toggle word wrap Toggle overflow Or if you want to control thekdcandrealmsystem wide, use below instead.-Djava.security.krb5.conf=/path/to/krb5.conf (on Linux /etc/krb5.conf) -Djava.security.auth.login.config=/path/to/client.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=false
-Djava.security.krb5.conf=/path/to/krb5.conf (on Linux /etc/krb5.conf) -Djava.security.auth.login.config=/path/to/client.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=falseCopy to Clipboard Copied! Toggle word wrap Toggle overflow Set URL connection properties
Add the following URL connection properties to the JBoss Data Virtualization JDBC connection string:authenticationType=KRB5;jaasName=Client;kerberosServicePrincipleName=dv/my.host.com@EXAMPLE.COM
authenticationType=KRB5;jaasName=Client;kerberosServicePrincipleName=dv/my.host.com@EXAMPLE.COMCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Note
There is no need to provide the username and password. When the application makes a JDBC connection, it will authenticate locally and use the same user credentials to negotiate a service token with the server and grant the connection. For more information on connection properties and how to configure data sources, see the JBoss Data Virtualization Platform Development Guide.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}