Add constrained delegation support
I am able to obtain a service ticket for SQL Server using an impersonated credential with Java 8, but when I try to use this with the driver I am getting the following error:
KrbException: The ticket isn’t for us (35)
It seems that the problem is in the KerbAuthentication class inside the method intAuthInit(). In this class a context is created for the authentication and this context requests that the initiator’s credentials be delegated to the acceptor during context establishment. This behavior is not possible within a constrained delegation scenario.
The service ticket obtained using the impersonated credential is not a forwardable ticket and is not usable for the driver. Changing the following to false makes the authentication work.
peerContext.requestCredDeleg(true);
I understand this is not the right change, since the SQL Server may need to use a delegated credential in order to connect to other SQL Server instances using open delegation, but a change is necessary to set this property to false in a constrained delegation scenario.
Issue Analytics
- Created 7 years ago
- Comments:14 (12 by maintainers)
Top GitHub Comments
Support for constrained delegation is added in #178. Can you please review and test it?
You can add GSSCredential to the driver connection property and pass the impersonated credential as the value.
I tried both, 4.1 and 4.2, and it is working. Thanks!
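The change requested in the issue, sketched as an added example that is not the driver's code and not the implementation from #178: an initiator context that requests credential delegation only when the caller has not supplied its own credential. The class name, the helper `newInitiatorContext`, the SPN and the realm are assumptions made for illustration, as is the rule that a caller-supplied credential is an impersonated one.

```java
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class DelegationAwareContext {
    // Kerberos V5 GSS-API mechanism OID.
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";

    /**
     * Hypothetical helper, not the driver's code.
     * callerCredential == null: use the default credential and request
     * delegation (the behaviour the issue describes).
     * callerCredential != null: assumed to be an impersonated credential from
     * constrained delegation, so delegation is not requested.
     */
    static GSSContext newInitiatorContext(String spn, GSSCredential callerCredential)
            throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        // A null name type selects the mechanism's default printable syntax.
        GSSName peer = manager.createName(spn, null);
        GSSContext ctx = manager.createContext(peer, new Oid(KRB5_OID),
                callerCredential, GSSContext.DEFAULT_LIFETIME);
        ctx.requestCredDeleg(callerCredential == null);
        return ctx;
    }

    public static void main(String[] args) throws GSSException {
        // Constructed SPN and realm; the realm is spelled out so the name does
        // not depend on a default realm. Nothing is sent until initSecContext().
        GSSContext ctx = newInitiatorContext(
                "MSSQLSvc/sql.example.test:1433@EXAMPLE.TEST", null);
        // Before establishment this reports the requested state only.
        System.out.println("delegation requested: " + ctx.getCredDelegState());
        ctx.dispose();
    }
}
```

Exercising the non-null branch needs a real impersonated `GSSCredential`, which in turn needs a KDC configured for constrained delegation.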