
GSS JAAS can't read keystore/tab


I'm attempting to connect to a database using Kerberos, everything works except for two issues. First, when I execute my code I am asked to enter my password not once but twice. Then my query is sent to my database and results are returned.

The above problem stems from what I believe is the root cause, or the second issue I'm having: the JDK's inability to read the keytab.

com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    useTicketCache=true
    principal="principal@REALM"
    useDefaultCcache=true
};

com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=true   // ticketCache= takes a file name; the boolean switch is useTicketCache
    storeKey=true;
};

Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Cluster created with settings {hosts=[realm:27017], mode=MULTIPLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server realm:27017 to client view of cluster
Apr 22, 2016 2:27:46 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=MULTIPLE, all=[ServerDescription{address=realm:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
Kerberos password for principal@REALM: ******
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:1, serverValue:1001}] to realm:27017
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Monitor thread successfully connected to server with description ServerDescription{address=realm:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 5]}, minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, roundTripTimeNanos=128643970}
Apr 22, 2016 2:27:52 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Discovered cluster type of STANDALONE
Kerberos password for principal@REALM: ******
Apr 22, 2016 2:27:57 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Opened connection [connectionId{localValue:2, serverValue:1002}] to realm:27017
****output from mongo****

I understand that I haven't disabled keyboard input, but this is because, as you see from the output above, I'm unable to read the keytab or cache.

Server and client both have matching krb5.conf; I am able to kinit, ktadd, and klist all expected principals with correct enc types.

I even went so far as to chmod 777 the keytab just to make sure this wasn't a permissions issue.


Solution

  • This was a permissions issue; I was unable to read the cache file under /tmp.
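A preflight check that would have pointed at the answer directly, written for this page as an added example (it is not code from the question, the answer, or the JDK). It reports whether the keytab and the default ticket cache are readable by the current process, then runs the same Krb5LoginModule with doNotPrompt=true so that an unreadable keytab or cache surfaces as a LoginException rather than as the password prompt seen in the log above. The principal "principal@REALM", the keytab path "/etc/krb5.keytab", the application name "preflight" and the class name are placeholders; the ticket-cache lookup (KRB5CCNAME, else /tmp/krb5cc_<uid>) assumes a Linux host with FILE caches, which is what the JDK supports.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.sun.security.auth.module.UnixSystem;

/** Hypothetical preflight: verify credential files are readable, then log in without prompting. */
public class KerberosPreflight {

    /** One-line verdict on a credential file: missing, unreadable, or readable with owner and mode. */
    static String describe(String label, Path p) {
        if (!Files.exists(p)) {
            return label + ": missing (" + p + ")";
        }
        if (!Files.isReadable(p)) {
            // This is the symptom behind the accepted answer: the file exists (e.g. under /tmp)
            // but belongs to someone else or has a mode this process cannot read.
            return label + ": present but NOT readable by uid " + new UnixSystem().getUid() + " (" + p + ")";
        }
        try {
            return label + ": ok, owner=" + Files.getOwner(p).getName()
                    + " mode=" + PosixFilePermissions.toString(Files.getPosixFilePermissions(p))
                    + " (" + p + ")";
        } catch (IOException | UnsupportedOperationException e) {
            return label + ": readable (" + p + ")";
        }
    }

    /** The cache Krb5LoginModule opens when no ticketCache option is set (assumed Linux FILE cache). */
    static Path defaultTicketCache() {
        String env = System.getenv("KRB5CCNAME");
        if (env != null && !env.isEmpty()) {
            return Paths.get(env.startsWith("FILE:") ? env.substring("FILE:".length()) : env);
        }
        return Paths.get("/tmp/krb5cc_" + new UnixSystem().getUid());
    }

    /** Same module as the question's config, with explicit paths and doNotPrompt so it fails instead of asking. */
    static Configuration noPromptConfig(String principal, Path keytab, Path ccache) {
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("keyTab", keytab.toString());
        opts.put("principal", principal);
        opts.put("useTicketCache", "true");
        opts.put("ticketCache", ccache.toString());
        opts.put("doNotPrompt", "true");   // never fall back to a password prompt
        opts.put("debug", "true");         // Krb5LoginModule then prints which files it actually opened
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    public static void main(String[] args) {
        // Placeholders: pass the real principal and keytab path on the command line.
        String principal = args.length > 0 ? args[0] : "principal@REALM";
        Path keytab = Paths.get(args.length > 1 ? args[1] : "/etc/krb5.keytab");
        Path ccache = defaultTicketCache();

        System.out.println(describe("keytab", keytab));
        System.out.println(describe("ticket cache", ccache));

        try {
            LoginContext lc = new LoginContext("preflight", new Subject(), null,
                    noPromptConfig(principal, keytab, ccache));
            lc.login();
            Subject s = lc.getSubject();
            System.out.println("login ok as " + s.getPrincipals());
            System.out.println("Kerberos tickets in subject: "
                    + s.getPrivateCredentials(KerberosTicket.class).size());
        } catch (LoginException e) {
            // With doNotPrompt=true an unreadable keytab or cache ends up here, not at a prompt.
            System.out.println("login failed: " + e.getMessage());
        }
    }
}
```

Run it as `java KerberosPreflight principal@REALM /path/to/service.keytab` as the same user that runs the JDBC client. A "ticket cache: present but NOT readable" line with a different owner is exactly the /tmp permission problem from the answer; a clean login here with no prompt means the original JAAS file only needs doNotPrompt=true (and, if the defaults are not what you expect, explicit keyTab= and ticketCache= paths) to stop asking for a password.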