This is a simple test tool to validate Java Kerberos authentication against a Microsoft SQL Server database. The tool requires two configuration file: SQLSERVER.conf and krb5.conf.
A sample file is provided in the zip distribution. This file can be used as is.
A sample file is provided, but it needs to be modified to fit your environment: specify the relevant domains, KDC and admin servers.
See https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html for more information.
The usage information will show as follows:
usage: SQL Server JDBC Kerberos Test Tool
-?,--help Show help
-h,--host <arg> Database host
-P,--port <arg> Database port
-p,--password <arg> Database user password
-u,--user <arg> Database user
The options -h
is required to specify a host. The default port is 1433 and can be overridden using the option -p
. If no user or no password is specified, a prompt will be displayed to provide the username and/or password.
An example call looks as follows:
java -Dsun.security.krb5.debug=true -Djava.security.auth.login.config=SQLSERVER.conf -Djava.security.krb5.conf=krb5.conf -jar kerberos-test.jar -h sql.example.com -u [email protected]
The option -Dsun.security.krb5.debug=true
enables kerberos debugging. The option -Djava.security.auth.login.config=SQLSERVER.conf
tells Java where to find the SQLSERVER.conf
file. An alternative location could be provided, if needed. Similarly, the option -Djava.security.krb5.conf=krb5.conf
points to the krb5.conf
file. The option -jar
is needed and requires the jar file name (kerberos-test.jar
as provided).