Bug 1254532 (TEIID-3643)
| Summary: | VDB based kerberos authentication does not work with ODBC | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Data Virtualization 6 | Reporter: | Juraj Duráni <jdurani> |
| Component: | Teiid | Assignee: | jolee |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Juraj Duráni <jdurani> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.2.0 | CC: | aszczucz, atangrin, dlesage, drieden, dsteigne, vhalbert |
| Target Milestone: | --- | Keywords: | QA-Closed, Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-02-10 08:56:08 UTC | Type: | Support Patch |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1242071 | ||
That is expected behavior. The client is not in charge of how they authenticate over the pg protocol. It must be determined from the session service authentication type, the vdb authentication type property, or the vdb gss pattern property. Reopened by the project. git:jboss-integration/teiid.git : 8.7.x-prod-ipv6.2 : cc7270c git:teiid/teiid.git : 62-8.7.x : cc7270c Verified. Steven Hawkins <shawkins> updated the status of jira TEIID-3643 to Closed |
I have a VDB configured to use GSS authentication. Both, JDBC and ODBC ports are configured to use default "teiid-security" security domain. Accessing the VDB through JDBC works fine, but ODBC throws exception [1], [2]. If the ODBC port is configured to use GSS authentication, connection is successful. [1] isql -v krb [08001][unixODBC]could not connect to server: Spojenie odmietnut Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 35432? ERROR: TEIID40055 Wrong logon method is being used. Server is not set up for Kerberos based authentication. DETAIL: org.teiid.jdbc.TeiidSQLException: TEIID40055 Wrong logon method is being used. Server is not set up for Kerberos based authentication. [ISQL]ERROR: Could not SQLConnect [2] 11:49:56,470 ERROR [org.teiid.ODBC] (New I/O worker #3) TEIID40015 Unexpected error occurred: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for Kerberos based authentication. at org.teiid.transport.LogonImpl.neogitiateGssLogin(LogonImpl.java:168) [teiid-runtime-8.7.1.6_2-redhat-4.jar:8.7.1.6_2-redhat-4] at org.teiid.odbc.ODBCServerRemoteImpl.logon(ODBCServerRemoteImpl.java:237) [teiid-runtime-8.7.1.6_2-redhat-4.jar:8.7.1.6_2-redhat-4] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_40] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_40] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_40] at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_40] at org.teiid.transport.ODBCClientInstance.processMessage(ODBCClientInstance.java:127) [teiid-runtime-8.7.1.6_2-redhat-4.jar:8.7.1.6_2-redhat-4] at org.teiid.transport.ODBCClientInstance.receivedMessage(ODBCClientInstance.java:116) [teiid-runtime-8.7.1.6_2-redhat-4.jar:8.7.1.6_2-redhat-4] at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:211) [teiid-runtime-8.7.1.6_2-redhat-4.jar:8.7.1.6_2-redhat-4] at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:109) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:328) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:90) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [netty-3.6.10.Final-redhat-1.jar:3.6.10.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_40] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_40] Steps to reproduce: Teiid configuration: [1] VDB: [2] Client.conf: [3] Java application: [4] ODBC datasource: [5] ODBC connection: isql -v krb [1] <system-properties> <property name="java.security.krb5.kdc" value="my.host"/> <property name="java.security.krb5.realm" value="EXAMPLE.COM"/> <property name="java.security.krb5.debug" value="true"/> </system-properties> ... <security-domain name="host"> <authentication> <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation"> <module-option name="storeKey" value="true"/> <module-option name="useKeyTab" value="true"/> <module-option name="keyTab" value="${jboss.home.dir}/psql.keytab"/> <module-option name="principal" value="postgres/localhost"/> <module-option name="doNotPrompt" value="true"/> <module-option name="useTicketCache" value="true"/> <module-option name="debug" value="true"/> <module-option name="refreshKrb5Config" value="false"/> </login-module> </authentication> </security-domain> <security-domain name="EXAMPLE.COM"> <authentication> <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="serverSecurityDomain" value="host"/> </login-module> </authentication> <mapping> <mapping-module code="SimpleRoles" type="roles"> <module-option name="user" value="admin"/> </mapping-module> </mapping> </security-domain> ... <transport name="jdbc" socket-binding="teiid-jdbc" protocol="teiid"> <authentication security-domain="teiid-security"/> </transport> <transport name="odbc" socket-binding="teiid-odbc" protocol="pg"> <authentication security-domain="teiid-security"/> </transport> [2] <vdb name="vdb_odbc" version="1"> <property name="security-domain" value="EXAMPLE.COM"/> <property name="authentication-type" value="GSS"/> ... </vdb> [3] client{ com.sun.security.auth.module.Krb5LoginModule required storeKey="true" useKeyTab="true" keyTab="/path/to/user.keytab" principal="user" doNotPrompt="true" refreshKrb5Config="false" useTicketCache="true" debug="true"; }; [4] TeiidDataSource tds = new TeiidDataSource(); tds.setServerName("jdv.host"); tds.setPortNumber(31000); tds.setDatabaseName("vdb_odbc"); tds.setJaasName("client"); tds.setKerberosServicePrincipleName("postgres/localhost"); Connection con = tds.getConnection(); [5] [krb] Driver = /opt/redhat/jboss-dv/v6/psqlodbc/lib64/psqlodbc.so Description = PostgreSQL Data Source DSN = krb Servername = localhost Port = 35432 Protocol = 7.4-1 UserName = user Database = vdb_odbc ReadOnly = no ServerType = Postgres ConnSettings = UseServerSidePrepare=1 ByteaAsLongVarBinary=1 Optimizer=0 Ksqo=0 Debug=0 Fetch = 10000