When attempting to connect to our Postgres instance using Flyway, I get
GSS Authentication failed connection error:
Unable to obtain Jdbc connection from DataSource
for user 'firstname.lastname@example.org': GSS Authentication failed
My Postgres instance is using gss authentication with MIT Kerberos to authenticate with my Active Directory using an uppercase domain name (realm), but on Postgres we are using lowercase domains due to how
pg-ldap-sync tool creates users.
I am able to connect just fine using
psql and a lowercase domain name:
psql -h postgres.domain.com -U email@example.com
However, when I attempt to run
Flyway with the same credentials, I receive a
GSS Authentication failed due to me not providing the correct domain casing matching the realm.
From the look of it, the JDBC driver Flyway is using, when using GSS, can only send the authentication user over, so if the database user doesn't match there is no way to map it. Since there is no ability to send the database user separately through the JDBC driver it falls back to the authentication user and the map fails.
How can I provide a different Postgres user than the principal used for Kerberos authentication? Similar to what I can do with
My JAAS Configuration: