1 SPN not match
ERROR: Server not found in Kerberos database
The default SPN generated by MS SQL ODBC driver is not what was registered on the KDC.
e.g.
Server name: server1.example.com
REALM: EXMPLE.COM
Port: 5150
The default SPN generated by the driver is
MSSQLSvc/server1.example.com:5150@EXAMPLE.COM
However, the SPN really was registered on the KDC is
MSSQLSvc/server1.example.com@EXAMPLE.COM
So, to resolve this issue, the ODBC DSN and JDBC string have to include explicit ServerSPN as:
ServerSPN=MSSQLSvc/server1.example.com@EXAMPLE.COM;
2 Java Kerberos uses UDP by default
Error: No valid credentials provided. SocketTimeoutException: Receive timed out.
The Java Kerberos by default uses UDP to connect KDC, while the KDC may only listen on TCP.
To resolve this, add below line in /etc/krb5.conf:
[libdefaults]
udp_preference_limit = 1
No comments:
Post a Comment