Spring Boot MSSQL Kerberos Authentication

Currently, in my Spring Boot application.properties file, I am specifying the following lines to connect to MSSQL Server.

spring.datasource.url=jdbc:sqlserver://localhost;databaseName=springbootd

spring.datasource.username=sa

spring.datasource.password=Projects@123

Instead of giving a username and password, I want to authenticate the user using Kerberos. What changes will I have to make?

I tried searching in the JPA official documentation but could not find any. Leads here are appreciated.

Lokesh Agrawal asked Apr 28 '18 08:04



1 Answer

Basically, you need to set up your krb5.conf file properly. You can verify that configuration via the following command and entering your password:

kinit <user-name>

Additionally, make sure you have a JDBC URL like:

jdbc:sqlserver://servername=server_name;integratedSecurity=true;authenticationScheme=JavaKerberos;userName=user@REALM;password=****

See Microsoft JDBC driver documentation for details.

EDIT:

Forgot to mention the startup arguments. Add the following JVM argument:

-Djava.security.krb5.conf=<PATH_TO>/krb5.conf

I believe this is not necessary if you use the default krb5.conf, but I'm not entirely sure.

MuratOzkan answered Sep 20 '22 09:09
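One way to confirm that the setup described in the answer above really produces a Kerberos session, as an added example that is not part of the original answer or of any project's code. The class name, package and `<sql-host-fqdn>` placeholder are hypothetical, and it assumes a `JdbcTemplate` bean is available (for example through the JPA or JDBC starter) and that a ticket was obtained with `kinit` beforehand.

```java
// Added example, not from the original post. Assumed application.properties
// (<sql-host-fqdn> is a placeholder; no username or password is stored):
//
//   spring.datasource.url=jdbc:sqlserver://<sql-host-fqdn>;databaseName=springbootd;integratedSecurity=true;authenticationScheme=JavaKerberos
//
// JVM started with -Djava.security.krb5.conf=<PATH_TO>/krb5.conf after `kinit`;
// the assumption is that the driver takes the ticket from the credential cache.
package com.example.demo; // hypothetical package

import org.springframework.boot.ApplicationArguments;
import org.springframework.boot.ApplicationRunner;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Component;

/** Hypothetical startup check: refuse to run unless the session authenticated with Kerberos. */
@Component
public class KerberosAuthCheck implements ApplicationRunner {

    // SQL Server reports how the current session authenticated: KERBEROS, NTLM or SQL.
    // Reading this DMV needs the VIEW SERVER STATE permission on most versions.
    private static final String AUTH_SCHEME_SQL =
            "SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID";

    private final JdbcTemplate jdbc;

    public KerberosAuthCheck(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    @Override
    public void run(ApplicationArguments args) {
        String scheme = jdbc.queryForObject(AUTH_SCHEME_SQL, String.class);
        String login = jdbc.queryForObject("SELECT SUSER_SNAME()", String.class);
        if (scheme == null || !"KERBEROS".equalsIgnoreCase(scheme.trim())) {
            // SQL: a username/password login is still in effect.
            // NTLM: integrated authentication did not negotiate Kerberos.
            throw new IllegalStateException(
                    "Expected Kerberos, but session for " + login + " used " + scheme);
        }
    }
}
```

If the check throws, the application fails at startup instead of silently running with a stored SQL login or an NTLM session.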