Home Flyway GSS Authentication Failed Postgres Connection Error
Reply: 0

Flyway GSS Authentication Failed Postgres Connection Error

Brady Clifford
1#
Brady Clifford Published in 2018-01-13 00:13:31Z

When attempting to connect to our Postgres instance using Flyway, I get GSS Authentication failed connection error:

Unable to obtain Jdbc connection from DataSource
(
  jdbc:postgresql://host/database?
  kerberosServerName=postgres&
  jaasApplicationName=pgjdbc
) 
for user 'username@domain.com': GSS Authentication failed

My Postgres instance is using gss authentication with MIT Kerberos to authenticate with my Active Directory using an uppercase domain name (realm), but on Postgres we are using lowercase domains due to how pg-ldap-sync tool creates users.

I am able to connect just fine using psql and a lowercase domain name: psql -h postgres.domain.com -U username@domain.com

However, when I attempt to run Flyway with the same credentials, I receive a GSS Authentication failed due to me not providing the correct domain casing matching the realm.

From the look of it, the JDBC driver Flyway is using, when using GSS, can only send the authentication user over, so if the database user doesn't match there is no way to map it. Since there is no ability to send the database user separately through the JDBC driver it falls back to the authentication user and the map fails.

How can I provide a different Postgres user than the principal used for Kerberos authentication? Similar to what I can do with psql.

My JAAS Configuration:

pgjdbc
{
  com.sun.security.auth.module.Krb5LoginModule required
  doNotPrompt=true
  useTicketCache=true
  debug=true
  client=true;
};
You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.296559 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO