I've modified the original project to simulate database server kerberos authentication.
git clone https://github.com/gaborgsomogyi/docker-kerberos.git
cd docker-kerberos
# Docker need couple of jars
cd pgjdbc-kerberos/
mvn clean install
cd -
cd mysql-kerberos/
mvn clean install
cd -
cd mariadb-kerberos/
mvn clean install
cd -
cd db2-kerberos/
mvn clean install
cd -
cd mssql-kerberos/
mvn clean install
cd -
cd oracle-kerberos/
mvn clean install
cd -
docker-compose build
./run-kdc-kadmin.sh
./run-postgres.sh
./run-kerberos-client.sh postgres
export KRB5_TRACE=/dev/stdout
kinit -kt /share/postgres.keytab postgres/[email protected]
psql -U postgres/[email protected] -h example.com postgres
./run-kerberos-client.sh postgres
export KRB5_TRACE=/dev/stdout
kinit -kt /share/postgres.keytab postgres/[email protected]
java -jar /tmp/pgjdbc-kerberos-1.0-SNAPSHOT-jar-with-dependencies.jar share/postgres.keytab postgres/[email protected] "jdbc:postgresql://example.com/postgres?user=postgres/[email protected]&gsslib=gssapi"
docker login container-registry.oracle.com
./run-mysql.sh
./run-kerberos-client.sh mysql
export KRB5_TRACE=/dev/stdout
kinit -kt /share/mysql.keytab mysql/[email protected]
// No GSSAPI plugin so failing
java -jar /tmp/mysql-kerberos-1.0-SNAPSHOT-jar-with-dependencies.jar share/mysql.keytab mysql/[email protected] "jdbc:mysql://example.com/mysql?user=mysql/[email protected]"
./run-mariadb.sh
./run-kerberos-client.sh mariadb
export KRB5_TRACE=/dev/stdout
kinit -kt /share/mariadb.keytab mariadb/[email protected]
java -jar /tmp/mariadb-kerberos-1.0-SNAPSHOT-jar-with-dependencies.jar share/mariadb.keytab mariadb/[email protected] "jdbc:mariadb://example.com/mysql?user=mariadb/[email protected]"
./run-db2.sh
./run-kerberos-client.sh db2
export KRB5_TRACE=/dev/stdout
kinit -kt /share/db2.keytab db2/[email protected]
java -jar /tmp/db2-kerberos-1.0-SNAPSHOT-jar-with-dependencies.jar share/db2.keytab db2/[email protected] "jdbc:db2://example.com:50000/db2"
./run-mssql.sh
./run-kerberos-client.sh mssql
sqlcmd -S example.com -U sa -P Mssql123
./run-kerberos-client.sh mssql
export KRB5_TRACE=/dev/stdout
kinit -kt /share/mssql.keytab mssql/[email protected]
// The login is from an untrusted domain and cannot be used with Integrated authentication.
java -jar /tmp/mssql-kerberos-1.0-SNAPSHOT-jar-with-dependencies.jar share/mssql.keytab mssql/[email protected] "jdbc:sqlserver://example.com;integratedSecurity=true;authenticationScheme=JavaKerberos;userName=mssql/[email protected]"
docker login container-registry.oracle.com
./run-oracle.sh
./run-kerberos-client.sh oracle
export KRB5_TRACE=/dev/stdout
kinit -kt /share/oracle.keytab oracle/[email protected]
// ORA-01017: invalid username/password; logon denied
sqlplus '/@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCLCDB.localdomain)))'
./run-kerberos-client.sh oracle
export KRB5_TRACE=/dev/stdout
kinit -kt /share/oracle.keytab oracle/[email protected]
// ORA-01017: invalid username/password; logon denied
java -jar /tmp/oracle-kerberos-1.0-SNAPSHOT-jar-with-dependencies.jar share/oracle.keytab oracle/[email protected] "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCLCDB.localdomain)))"