GSSException：未提供有效凭据（机制级别：无法找到任何Kerberos tgt） [英] GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)

问题描述

我对MOngoDB + Java配置非常陌生。我试图从远程mongodb服务器到Java应用程序的连接。我想使用GSSAPI机制来连接mongotemplate。下面的代码已成功执行。下面的代码来自我的配置文件。

I am very much new to the MOngoDB + Java Configuration. I am trying to achive the connection from remote mongodb server from Java application. I want to use GSSAPI mechanism for connection with mongotemplate. Below code has been executing successfully. Below code is from my configuration file.

List<ServerAddress> serverAddresses = new ArrayList<ServerAddress>();
    ServerAddress address = new ServerAddress(host, port);
    serverAddresses.add(address);
    List<MongoCredential> credentials = new ArrayList<MongoCredential>();

    MongoCredential credential = MongoCredential.createGSSAPICredential(userName);

    credential.withMechanismProperty("SERVICE_NAME", gssapiServiceName);
    credential.withMechanismProperty("CANONICALIZE_HOST_NAME", true);
    credentials.add(credential);

    return new MongoClient(serverAddresses, credentials);

但是当我尝试执行下面的代码时，我会遇到异常

But when I am trying execute below code I am getting exception

DB db = mongoTemplate.getDb();
Set<String> dbCollections1 = db.getCollectionNames();

例外：

GSSException：未提供有效凭据（机制级别：无法找到任何Kerberos tgt）
at sun.security.jgss.krb5.Krb5InitCredential.getInstance（Krb5InitCredential.java:147）
at sun。 security.jgss.krb5.Krb5MechFactory.getCredentialElement（Krb5MechFactory.java:122）
at sun.security.jgss.GSSManagerImpl.getCredentialElement（GSSManagerImpl.java:193）
at sun.security.jgss.GSSCredentialImpl。添加（GSSCredentialImpl.java:427）
at sun.security.jgss.GSSCredentialImpl。（GSSCredentialImpl.java:62）
at sun.security.jgss.GSSManagerImpl.createCredential（GSSManagerImpl.java:154）
at com.mongodb.DBPort $ GSSAPIAuthenticator.getGSSCredential（DBPort.java:622）
at com.mongodb.DBPort $ GSSAPIAuthenticator.createSaslClient（DBPort.java:593）
at com.mongodb。 DBPort $ SaslAuthenticator.authenticate（DBPort.java:895）com.mongodb.DB上的
Port.authenticate（DBPort.java:432）
at com.mongodb.DBPort.checkAuth（DBPort.java:443）
at com.mongodb.DBTCPConnector.innerCall（DBTCPConnector.java:289)
at com.mongodb.DBTCPConnector.call（DBTCPConnector.java:269）
at com.mongodb.DBCollectionImpl.find（DBCollectionImpl.java:84）
at com.mongodb.DB.command（DB .java：320）
at com.mongodb.DB.command（DB.java:299）
at com.mongodb.DB.command（DB.java:388）
at com。 mongodb.DBApiLayer.getCollectionNames（DBApiLayer.java:152）

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) at com.mongodb.DBPort$GSSAPIAuthenticator.getGSSCredential(DBPort.java:622) at com.mongodb.DBPort$GSSAPIAuthenticator.createSaslClient(DBPort.java:593) at com.mongodb.DBPort$SaslAuthenticator.authenticate(DBPort.java:895) at com.mongodb.DBPort.authenticate(DBPort.java:432) at com.mongodb.DBPort.checkAuth(DBPort.java:443) at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:289) at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:269) at com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:84) at com.mongodb.DB.command(DB.java:320) at com.mongodb.DB.command(DB.java:299) at com.mongodb.DB.command(DB.java:388) at com.mongodb.DBApiLayer.getCollectionNames(DBApiLayer.java:152)

推荐答案

万分感谢所有人已经回复并查看了我的问题。

Million thanks to all who have responded and take a look to my question.

添加一些系统属性和新的conf文件后，最后我能够与MongoDB服务器建立连接。这里有更新的代码 -

After adding some System Properties and a new conf file, Finally I am able to get connected with MongoDB server. Herewith the updated code -

try {
        System.setProperty("java.security.krb5.conf","C:/mongodb/UnixKeytab/krb5.conf");
        System.setProperty("java.security.krb5.realm","EXAMPLE.COM");
        System.setProperty("java.security.krb5.kdc","example.com");
        System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
        System.setProperty("java.security.auth.login.config","C:/mongodb/UnixKeytab/gss-jaas.conf");


        List<ServerAddress> serverAddresses = new ArrayList<ServerAddress>();
        ServerAddress address = new ServerAddress(host, port);
        serverAddresses.add(address);
        List<MongoCredential> credentials = new ArrayList<MongoCredential>();
        MongoCredential credential = MongoCredential.createGSSAPICredential(username);
        credentials.add(credential);
        MongoClient mongoClient1 = new MongoClient(serverAddresses, credentials);
        DB db = mongoClient1.getDB(database);

    } catch (UnknownHostException e) {
        e.printStackTrace();
    }

我的krb5.conf文件如下所示 -

My krb5.conf file look like below -

[libdefaults]
     default_realm = EXAMPLE.COM
     default_tkt_enctypes = des-cbc-md5 rc4-hmac
     default_tgs_enctypes = des-cbc-md5 rc4-hmac
     default_keytab_name = <keytab file path>
[realms]
EXAMPLE.COM = {
    kdc = example.com
    master_kdc = example.com
    default_domain = EXAMPLE.COM
}
INTRANET = {
    kdc = example.com
    master_kdc = example.com
    default_domain = example.com
}

我的gss-jaas.conf如下所示 -

My gss-jaas.conf look like below -

com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=false
principal="my-account@MY_REALM"
doNotPrompt=true
keyTab="path-to-my-keytab-file"
debug=true;};

我发布的代码对我有用。希望这对其他人有用。

Code I have posted is working for me. Hope this will work for others.

这篇关于GSSException：未提供有效凭据（机制级别：无法找到任何Kerberos tgt）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！