-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
8.7.1
-
None
-
None
I have configured a datasource for MSSQL database. The datasource uses PassthroughIdentityLoginModule. I have also created a VDB which requires kerberos authentication. I am trying to pass credentials used for authentication CLIENT <=> TEIID to datasource so they can be used for authentication TEIID <=> MSSQL.
Method getConnection(..) (record in server log) is called with correct credentials, but SQLServerDriver throws an exception:
initAuthInit failed privileged exception:-java.security.PrivilegedActionException: org.ietf.jgss.GSSException, major code: 13, minor code: 0
major string: Invalid credentials
minor string: Cannot get credential from JAAS Subject for principal: default principal
Some ideas, but I am only guessing:
1. I have seen same exception (on client side) if system property "javax.security.auth.useSubjectCredsOnly" is set to false on client side. As this property is set to true in the server config (<property name="javax.security.auth.useSubjectCredsOnly" value="true"/>), it is probably not passed to the driver (or is being ignored).
2. SQLServerDriver sets two system properties by default (if no kerberos configuration file is specified) useDefaultCcache = true moduleBanner = false - see https://msdn.microsoft.com/en-us/library/gg558122%28v=sql.110%29.aspx - ibm kerberos login module will try to get TGT from ticket cache
I have tried static kerberos configuration for same DS and there was no problem with it.