[MXS-2049] Kerberos authentication not working or not clearly documented - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.12
Fix Version/s: 2.2.16
Component/s: Authenticator
Labels:
None

Description

User KERB_A can connect using gssapi to a backend server SRV1.

When trying to connect KERB_A (kerberos user) via MaxScale to a backend server SRV1, this error happens:

2018-08-30 15:02:53 error : (15) GSSAPI Major Error: Unspecified GSS failure. Minor code may provide more information

2018-08-30 15:02:53 error : (15) GSSAPI Minor Error: No Kerberos credentials available (default cache: KEYRING:persistent:997)

Starting MaxScale process with user KERB_A and then connecting to SRV1 via MaxScale with the same user KERB_A, authentication succeeds.

When trying to use another kerberos user KERB_B to connect to SRV1 via MaxScale this error happens:

Sep 13 13:09:37 server_x maxscale[154147]: (9) [mariadbbackend] Invalid authentication message from backend 'NODE_2_KERBEROS'. Error code: 1045, Msg : #28000GSSAPI name mismatch, requested 'KERB_B@DOMAIN', actual name 'KERB_A@DOMAIN'

Documentation has been followed but it's not clear what's wrong.

How does GSSAPI work?

Does MaxScale process user need to be a kerberos user?

If so, why when connecting with another user I get the above error of user mismatch?

Attachments

Activity

People

Assignee:: markus makela

Reporter:: Claudio Nanni

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018-09-14 09:23

Updated:: 2020-08-25 16:58

Resolved:: 2018-10-01 13:23

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.