pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feedFrom: nrhall (@nrhall) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: Re: [pgjdbc/pgjdbc] PR #3451: Support default GSS credentials in the Java Postgres client
Date: Fri, 24 Jan 2025 11:31:30 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
Some further testing suggests that `jaasLogin=false` on it's own works well if you have a default setup (`user@DEFAULT_REALM` as principal, file-based ccache). Adding the `gssUseDefaultCreds=true` doesn't change the way that works much - with all defaults, this code will acquire the same creds in each branch of the conditional - either by using the hard-coded principal name and calling `createCredential`, or just setting it to null and letting the Kerberos system libs figure it out:
```
if (gssUseDefaultCreds) {
clientCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
} else {
GSSName clientName = manager.createName(principalName, GSSName.NT_USER_NAME);
clientCreds = manager.createCredential(clientName, 8 * 3600, desiredMechs,
GSSCredential.INITIATE_ONLY);
}
```
Anyway, just thought it was worth mentioning!
view thread (15+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: github://pgjdbc/pgjdbc
Cc: [email protected], [email protected]
Subject: Re: [pgjdbc/pgjdbc] PR #3451: Support default GSS credentials in the Java Postgres client
In-Reply-To: <<[email protected]>>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox