ConnectKerberos.java

To run the ConnectKerberos.java sample application, use the following procedure.

StepsRunning ConnectKerberos.java

  1. Make sure your machine has valid Kerberos credentials. This task varies depending on your machine and environment.

    Windows – You can establish Kerberos credentials for a machine in an Active Directory environment by successfully logging in using Kerberos authentication.

    UNIX or Linux – You can establish Kerberos credentials for a UNIX or Linux machine using the kinit utility for your Kerberos client. If you do not obtain an initial credential using kinit, you are prompted for a user name and password when you attempt to run the sample application.

    NoteTypically the GSSManager provider implementation provided by standard JDK can use only the DES_CBC_MD5 and DES_CBC_CRC encryption types. You may be able to use other encryption types by using third-party software and setting the GSSMANAGER_CLASS property.

  2. Determine the location of the credentials for your machine.

    Windows – For a machine running in an Active Directory environment, Kerberos credentials are stored in an in-memory ticket cache.

    UNIX or Linux – For a UNIX or Linux machine using the JRE supplied, CyberSafe, Solaris, or MIT implementations of Kerberos, kinit places credentials by default in /tmp/krb5cc_{user_id_number}, where {user_id_number} is unique to your user name.

    If the credentials are placed elsewhere, you must specify that location in the sample2/exampleLogin.conf file by setting the ticketCache property.

  3. Specify to the Java reference implementation the default realm and host name of the KDC machine. Java may obtain this information from the krb5.conf or krb5.ini configuration files or from Java System properties. If you use a vendor GSS Manager implementation, that implementation may obtain host and realm information from DNS SRV records.

    Sybase recommends that you use a Kerberos configuration file, which allows for more control of the Kerberos environment, including the ability to specify to Java the type of encryption to request during authentication.

    NoteOn Linux, the Java reference implementation looks for the Kerberos configuration file in /etc/krb5.conf.

    If you do not use a Kerberos configuration file, and your Kerberos configuration is not set up to use DNS SRV records, you can specify the realm and KDC using the java.security.krb5.realm and java.security.krb5.kdc system properties.

  4. Edit ConnectKerberos.java so that the connection URL points to your database.

  5. Compile ConnectKerberos.java.

    Ensure that you are using JDK version 6 or later. Read through the source code comments, and ensure the jconn4.jar from your jConnect installation is specified in your CLASSPATH environment variable.

  6. Execute ConnectKerberos.class:

    java ConnectKerberos
    

    Ensure that you are using java version 6 executable. The sample application output explains that a successful connection has been established and executes the following SQL:

    select 1
    
    • To execute the sample without using a Kerberos configuration file, use the following command:

      java -Djava.security.krb5.realm=your_realm
      -Djava.security.krb5.kdc=your_kdc ConnectKerberos
      

      where your_realm is your default realm, and your_kdc is your KDC.

    • If necessary, you can run the sample application in debug mode to see debug output from the Java Kerberos layer:

      java -Dsun.security.krb5.debug=true ConnectKerberos
      

    You can also make a Kerberos connection using IsqlApp, the Java version of isql, located in the jConnect-7_0/classes directory:

    java IsqlApp -S jdbc:sybase:Tds:hostName:portNum 
    -K service_principal_name 
    -F path_to_JAAS_login_module_config_file
    

    For details on using IsqlApp, see