KrbAuthType

This property specifies how the connector obtains the Subject for Kerberos authentication.

  • 0: The connector automatically detects which method to use for obtaining the Subject:
    1. First, the connector tries to obtain the Subject from the current thread's inherited AccessControlContext. If the AccessControlContext contains multiple Subjects, the connector uses the most recent Subject.
    2. If the first method does not work, then the connector checks the java.security.auth.login.config system property for a JAAS configuration. If a JAAS configuration is specified, the connector uses that information to create a LoginContext and then uses the Subject associated with it.
    3. If the second method does not work, then the connector checks the KRB5_CONFIG and KRB5CCNAME system environment variables for a Kerberos ticket cache. The connector uses the information from the cache to create a LoginContext and then uses the Subject associated with it.
  • 1: The connector checks the java.security.auth.login.config system property for a JAAS configuration. If a JAAS configuration is specified, the connector uses that information to create a LoginContext and then uses the Subject associated with it.
  • 2: The connector checks the KRB5_CONFIG and KRB5CCNAME system environment variables for a Kerberos ticket cache. The connector uses the information from the cache to create a LoginContext and then uses the Subject associated with it.
  • 3: The connector uses the native GSS-API feature in the JDK to use the Kerberos tickets in the native Windows credentials cache without the need to set the AllowTgtSessionKey property in the Windows registry.
Note:
  • The native GSS-API feature is only available in Java 11 or later. Java 13 and later include a default native GSS-API library. Java 11 does not include one, although a future version of Java 11 might. If you are using Java 11, you can work around this by setting the sun.security.jgss.lib system property to point to an sspi_bridge.dll file included in Java 13 or higher.
  • JAAS configuration is disabled by default. To enable JAAS configuration, please set the JDBC_ENABLE_JAAS environment variable to 1.

Below is an example of setting the sun.security.jgss.lib system property in the Java start-up command to point to the default native GSS-API library included in Java 13.

-Dsun.security.jgss.lib="C:\Program Files\Java\jdk-13.0.2\bin\sspi_bridge.dll"
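
The detection order listed for value 0 can be checked before connecting, to see which Subject source this JVM actually exposes. The following is an added example, not the connector's own code: the class and method names are hypothetical, it performs no Kerberos login, and it assumes method 2 is skipped unless JDBC_ENABLE_JAAS is set to 1.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.AccessController;
import javax.security.auth.Subject;

public class KrbAuthTypePreflight {

    // Mirrors the documented KrbAuthType=0 order and names the first source that is present.
    static String firstSource(Subject inherited, String jaasConfig,
                              String enableJaas, String krb5Config, String ccName) {
        if (inherited != null) return "1: Subject inherited from the AccessControlContext";
        // Assumption: JAAS lookup only happens when JDBC_ENABLE_JAAS=1 (see the Note).
        if ("1".equals(enableJaas) && jaasConfig != null && !jaasConfig.isEmpty())
            return "2: JAAS configuration " + jaasConfig;
        if (ccName != null && !ccName.isEmpty())
            return "3: ticket cache " + ccName + " (KRB5_CONFIG=" + krb5Config + ")";
        return "none: no Subject source visible to this JVM";
    }

    @SuppressWarnings({"deprecation", "removal"})
    static Subject inheritedSubject() {
        try {
            // AccessControlContext lookup as on Java 11; newer JDKs deprecate it and may throw.
            return Subject.getSubject(AccessController.getContext());
        } catch (UnsupportedOperationException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        String cc = System.getenv("KRB5CCNAME");
        System.out.println(firstSource(inheritedSubject(),
                System.getProperty("java.security.auth.login.config"),
                System.getenv("JDBC_ENABLE_JAAS"),
                System.getenv("KRB5_CONFIG"), cc));
        // Only FILE: caches and plain paths are checked; other cache types are skipped.
        if (cc != null && !cc.isEmpty() && (cc.startsWith("FILE:") || !cc.contains(":"))) {
            String path = cc.startsWith("FILE:") ? cc.substring(5) : cc;
            System.out.println("cache readable: " + Files.isReadable(Paths.get(path)));
        }
        // Constructed inputs: a JAAS file is configured but JDBC_ENABLE_JAAS is unset,
        // so detection falls through to the ticket cache.
        System.out.println(firstSource(null, "/etc/jaas.conf", null,
                "/etc/krb5.conf", "FILE:/tmp/krb5cc_1000"));
    }
}
```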

| Default Value | Data Type | Required |
|---------------|-----------|----------|
| 0             | Integer   | No       |