Flyway GSS Authentication Failed Postgres Connection Error

Refresh

April 2019

Views

228 time

1

When attempting to connect to our Postgres instance using Flyway, I get GSS Authentication failed connection error:

Unable to obtain Jdbc connection from DataSource
(
  jdbc:postgresql://host/database?
  kerberosServerName=postgres&
  jaasApplicationName=pgjdbc
) 
for user '[email protected]': GSS Authentication failed

My Postgres instance is using gss authentication with MIT Kerberos to authenticate with my Active Directory using an uppercase domain name (realm), but on Postgres we are using lowercase domains due to how pg-ldap-sync tool creates users.

I am able to connect just fine using psql and a lowercase domain name: psql -h postgres.domain.com -U [email protected]

However, when I attempt to run Flyway with the same credentials, I receive a GSS Authentication failed due to me not providing the correct domain casing matching the realm.

From the look of it, the JDBC driver Flyway is using, when using GSS, can only send the authentication user over, so if the database user doesn't match there is no way to map it. Since there is no ability to send the database user separately through the JDBC driver it falls back to the authentication user and the map fails.

How can I provide a different Postgres user than the principal used for Kerberos authentication? Similar to what I can do with psql.

My JAAS Configuration:

pgjdbc
{
  com.sun.security.auth.module.Krb5LoginModule required
  doNotPrompt=true
  useTicketCache=true
  debug=true
  client=true;
};

0 answers