When connecting with Java (IBM JRE 1.6 or 1.7) and MS JDBC Driver 4.0.2206.100 the login is for sure or entire connection is encrypted (SSL/TLS or TDS or ??). (Default of driver encrypt = false or blank info here; MS JDBC blog info here)
Some instance working fine some give error "RSA premaster secret error" (entire Stack Trace below). All MS SQL instance have no SSL enabled.
When using the IBM Java Cryptography Extension (JCE) Unlimited Strength (US export restrictions) I can also connect to the instance which gave me before the RSA secret error before.
It seems that the difference of MS SQL instances is the "Log on as" user (different Domain user)
Question 1: How do I find details about the encryption/certificate (length/strength/...)?
On MS SQL without SSL enabled how to identify what cert is used for the JDBC connection
Tested with Squirrel and IBM tool(both with IBM Java).
Squirrel with Oracle JRE 1.8 works right away without using unlimited strength JCE
DB is MS SQL 2012 SP2 if that matters.
Full Stack trace of error (IBM JRE not using unlimited strength JCE)
000000c0 DSConfigurati W DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the DataSource null. Encountered java.sql.SQLException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "RSA premaster secret error". ClientConnectionId:a5af5544-1768-49bc-b91d-87169cd06306 DSRA0010E: SQL State = 08S01, Error Code = 0.
java.sql.SQLException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "RSA premaster secret error". ClientConnectionId:a5af5544-1768-49bc-b91d-87169cd06306 DSRA0010E: SQL State = 08S01, Error Code = 0
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
at com.microsoft.sqlserver.jdbc.SQLServerDataSource.getConnectionInternal(SQLServerDataSource.java:621)
at com.microsoft.sqlserver.jdbc.SQLServerPooledConnection.createNewConnection(SQLServerPooledConnection.java:60)
at com.microsoft.sqlserver.jdbc.SQLServerPooledConnection.<init>(SQLServerPooledConnection.java:42)
at com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolDataSource.getPooledConnection(SQLServerConnectionPoolDataSource.java:34)
at com.ibm.ws.rsadapter.DSConfigHelper$1.run(DSConfigHelper.java:1273)
at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5477)
at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5603)
at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
at com.ibm.ws.rsadapter.spi.ServerFunction$6.run(ServerFunction.java:567)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1288)
at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1196)
at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:2075)
at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:1951)
at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionToDataSource(DSConfigurationHelper.java:1763)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource(DataSourceConfigHelperMBean.java:330)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:69)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:272)
at javax.management.modelmbean.RequiredModelMBean$4.run(RequiredModelMBean.java:1152)
at java.security.AccessController.doPrivileged(AccessController.java:388)
at com.ibm.oti.security.CheckedAccessControlContext.securityCheck(CheckedAccessControlContext.java:30)
at sun.misc.JavaSecurityAccessWrapper.doIntersectionPrivilege(JavaSecurityAccessWrapper.java:41)
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1146)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:999)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:847)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:783)
at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1350)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1243)
at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:488)
at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:322)
at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:65)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:733)
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:522)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)
Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.ibm.jsse2.kb.<init>(kb.java:86)
at com.ibm.jsse2.mb.a(mb.java:419)
at com.ibm.jsse2.mb.a(mb.java:71)
at com.ibm.jsse2.lb.t(lb.java:241)
at com.ibm.jsse2.lb.a(lb.java:3)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:855)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:320)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:676)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:620)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)
... 55 more
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at com.ibm.jsse2.kb.<init>(kb.java:115)
... 64 more
============== Update: ==============
SQL locates/pick cert based on the name (see this MS support link from Sep 12, 2008)
SQL Server looks at the certificate store to find a certificate with the same name as the Fully Qualified Domain Name System (FQDN) of the SQL Server computer name
so if server has cert with matching name it will try to use it. If that cert using stronger enc than supported by the JRE/JDK you will get the above error message
Also check this reg key (modify MSSQL11.MSSQLSERVER part for your instance/version)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib
here PS to check
Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib"
I would suggest running your tests with -Djavax.net.debug=all if this option works for IBM JDK. If not, try to find a similar option for IBM JDK. As a last resort use network packet sniffer.
This way you can get an idea who is complaining: the SQL server or the JDK running you client.
I would also try to run the same test under Oracle JDK if possible or under OpenJDK. This way you can pinpoint the cause of the problem.
Related
I'm having trouble to connect to my database from eclipse using my instance a google cloud sql database.
I successed to access to the database via mysql command line but no in eclise.
My code:
String instanceConnectionName = "****";
String databaseName = "****";
String username = "***";
String password = "***";
String jdbcUrl = String.format(
"jdbc:mysql://google/%s?cloudSqlInstance=%s&"
+ "socketFactory=com.google.cloud.sql.mysql.SocketFactory",
databaseName,
instanceConnectionName);
Connection connection = DriverManager.getConnection(jdbcUrl, username, password);
The Error I get:
jdbc:mysql://google/****?cloudSqlInstance=****e&socketFactory=com.google.cloud.sql.mysql.SocketFactory
May 03, 2017 10:53:07 AM com.google.cloud.sql.mysql.SocketFactory connect
INFO: Connecting to Cloud SQL instance [****].
May 03, 2017 10:53:07 AM com.google.cloud.sql.mysql.SslSocketFactory getInstance
INFO: First Cloud SQL connection, generating RSA key pair.
Exception in thread "main" com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
at com.mysql.jdbc.Util.getInstance(Util.java:387)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:917)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:896)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:885)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:860)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2332)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2085)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:795)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:44)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:400)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:327)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at neviTracker.program.ProgramConnections.main(ProgramConnections.java:27)
Caused by: java.lang.RuntimeException: Unable to obtain credentials to communicate with the Cloud SQL API
at com.google.cloud.sql.mysql.SslSocketFactory$ApplicationDefaultCredentialFactory.create(SslSocketFactory.java:545)
at com.google.cloud.sql.mysql.SslSocketFactory.getInstance(SslSocketFactory.java:138)
at com.google.cloud.sql.mysql.SocketFactory.connect(SocketFactory.java:47)
at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:298)
at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2253)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2286)
... 13 more
Caused by: java.io.IOException: The Application Default Credentials are not available. They are available if running on Google App Engine, Google Compute Engine, or Google Cloud Shell. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
at com.google.api.client.googleapis.auth.oauth2.DefaultCredentialProvider.getDefaultCredential(DefaultCredentialProvider.java:98)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.getApplicationDefault(GoogleCredential.java:213)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.getApplicationDefault(GoogleCredential.java:191)
at com.google.cloud.sql.mysql.SslSocketFactory$ApplicationDefaultCredentialFactory.create(SslSocketFactory.java:543)
... 18 more
You have an error message that says the environment variable GOOGLE_APPLICATION_CREDENTIALS is not set. Please create a .credentials file in a root folder and add your credential details in it.
Please refer to this link
https://developers.google.com/identity/protocols/application-default-credentials
The Application Default Credentials are not available. They are available if running on Google App Engine, Google Compute Engine, or Google Cloud Shell. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
You need credentials to access google cloud sql. You can create from here
After creating your credential, create your key file and point it in your bash_profile(read the block quote for more info). then it should work
Alternatively you can use CLOUD SQL PROXY to not work with environment variables, follow the steps in this link, if something is blurry please ask.
https://cloud.google.com/sql/docs/mysql/connect-admin-proxy
hope this helps.
Hi I am unable to connect to database from cmd, there is a problem in establishing a connection. I am using DB2 10.5 version client. Databse is on 10.5 server (Triend with db on 9.7 version server too).
I get the below excpetion :
com.ibm.db2.jcc.am.SqlException: [jcc][4038][12241][3.69.24] T2LUW exception: SQL1042C An unexpected system error occurred. SQLSTATE=58004
ERRORCODE=-1042, SQLSTATE=58004
at com.ibm.db2.jcc.am.gd.a(Unknown Source)
at com.ibm.db2.jcc.am.gd.a(Unknown Source)
at com.ibm.db2.jcc.am.gd.a(Unknown Source)
at com.ibm.db2.jcc.uw.UWExceptionGenerator.a(Unknown Source)
at com.ibm.db2.jcc.uw.UWExceptionGenerator.a(Unknown Source)
at com.ibm.db2.jcc.uw.UWConnection.a(Unknown Source)
at com.ibm.db2.jcc.uw.f.b(Unknown Source)
at com.ibm.db2.jcc.uw.UWConnection.a(Unknown Source)
at com.ibm.db2.jcc.uw.UWConnection.a(Unknown Source)
at com.ibm.db2.jcc.uw.UWConnection.<init>(Unknown Source)
at com.ibm.db2.jcc.DB2SimpleDataSource.getConnection(Unknown Source)
at com.ibm.db2.jcc.DB2SimpleDataSource.getConnection(Unknown Source)
at com.ibm.db2.jcc.DB2Driver.connect(Unknown Source)
at com.ibm.db2.jcc.DB2Driver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(DriverManager.java:512)
at java.sql.DriverManager.getConnection(DriverManager.java:171)
at DBOperation.setConnection(DBOperation.java:38)
at DBOperation.<init>(DBOperation.java:11)
at VTLoadStandard.main(VTLoadStandard.java:237)
Please help on resolving the issue.
Have a look at the manual entry for this error message.
It may be that your database configuration needs to be upgraded.
Explanation
A system error occurred. Some possible reasons for this error are:
The database manager is not installed correctly or the environment is not set up correctly.
On UNIX-based systems, db2iupdt may need to be run in order to update the DB2 instance to enable acquisition of a new system
configuration or access to function associated with the installation
or removal of certain product options, FixPaks, or modification
levels.
You might get this message if you are not using the correct DB2 Administration Server password.
There is more information about the error at the page I linked above.
You should check the contents of the DB2 diagnostics log file (db2diag.log) on the server side. The JDBC driver itself usually does not raise errors of such type, so there must be something wrong on the server.
For me the following helped: make sure you set the driver type 4.
db2datasource.setDriverType(4);
// put driverType=4; into the jdbc url
I am getting following error while installing and setup of Knox on Hortonworks Hadoop 2.1.5.
I have already installed java jdk-7u65-linux-x64.tar.gz
SGSCAI0081:~ # su -l knox -c '/usr/lib/knox/bin/gateway.sh setup'
***************************************************************************************************
You have indicated that you would like to persist the master secret for this service instance.
Be aware that this is less secure than manually entering the secret on startup.
The persisted file will be encrypted and primarily protected through OS permissions.
***************************************************************************************************
Enter master secret:
Enter master secret again:
Exception in thread "main" java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
at org.apache.hadoop.gateway.launcher.Command.run(Command.java:101)
at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
Caused by: java.lang.NoClassDefFoundError: sun.security.x509.X509CertImpl
at java.lang.J9VMInternals.verifyImpl(Native Method)
at java.lang.J9VMInternals.verify(J9VMInternals.java:72)
at java.lang.J9VMInternals.verify(J9VMInternals.java:70)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:134)
at org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:59)
at org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:110)
... 9 more
Caused by: java.lang.ClassNotFoundException: sun.security.x509.X509CertImpl
at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
at java.lang.ClassLoader.loadClass(ClassLoader.java:660)
at java.lang.ClassLoader.loadClass(ClassLoader.java:626)
... 15 more
This is likely due to using Java 8 rather than Java 7. Even though you have installed Java 7 - perhaps you still have JAVA_HOME set to Java 8?
i am trying to connect with sql server 2008 using java connection string but i am getting following error
jdbc:sqlserver://127.0.0.1:1434;DatabaseNameconnect?autoReconnect=true
com.microsoft.sqlserver.jdbc.SQLServerException: The server version is not supported. The target server must be SQL Server 2000 or later.
com.microsoft.sqlserver.jdbc.SQLServerException: The server version is not supported. The target server must be SQL Server 2000 or later.
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(Unknown Source)
at com.microsoft.sqlserver.jdbc.DBComms.Prelogin(Unknown Source)
at com.microsoft.sqlserver.jdbc.DBComms.(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:185)
at com.dnb.discovery.connection.ConnectionBean.makeMsSqlConnection(ConnectionBean.java:56)
at com.dnb.discovery.factory.MssqlDAOFactory.(MssqlDAOFactory.java:18)
at com.dnb.discovery.dao.mssqldao.MssqlCompanyDAO.(MssqlCompanyDAO.java:8)
at com.dnb.discovery.relevance.Relevance.(Relevance.java:26)
at com.dnb.discovery.dao.SolrDAO.readDataFromSolr(SolrDAO.java:189)
at com.dnb.discovery.searchservice.SearchService.buyerTextSearchAnonymous(SearchService.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.xml.internal.ws.api.server.InstanceResolver$1.invoke(InstanceResolver.java:210)
at com.sun.xml.internal.ws.server.InvokerTube$2.invoke(InvokerTube.java:132)
at com.sun.xml.internal.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:241)
at com.sun.xml.internal.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:74)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422)
at com.sun.xml.internal.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:226)
at com.sun.xml.internal.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:375)
at com.sun.xml.internal.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:175)
at com.sun.xml.internal.ws.transport.http.server.WSHttpHandler.handleExchange(WSHttpHandler.java:100)
at com.sun.xml.internal.ws.transport.http.server.WSHttpHandler.handle(WSHttpHandler.java:77)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:555)
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:527)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
i am using following jar for connection
sqljdbc-2005-1.0.jar
please help
You're using a SQL Server 2005 JDBC driver, but talking to SQL Server 2008. While I would have expected that to work, I suspect the best approach would probably be to update your JDBC driver:
Download page for the latest MS JDBC driver
I am currently running a RHEL 6 server with IPA and a user test_user defined, attempting to authenticate using the 'Krb5LoginModule' Login Module I am getting the exception at the bottom of this question.
HOWEVER - if I add the system property -Dsun.security.krb5.debug=true the authentication completes without error - that system property is the only change between the failure scenario and successful scenario.
The same username and password also work flawlessly in kinit from the same machine running the Java client.
This is using Oracle jdk1.6.0_32.
So the question is what else is different when debug logging is enabled that would change the behaviour of the login process? At the moment enabling debug logging to understand the failure didn't work as that in itself caused it to work.
Exception in thread "main" javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at com.darranl.as.sasl.gssapi.KerberosLoginUtil.login(KerberosLoginUtil.java:50)
at com.darranl.as.sasl.gssapi.KerberosLoginUtil.main(KerberosLoginUtil.java:131)
Caused by: KrbException: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:72)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:446)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:401)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:373)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
... 13 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
... 17 more