Tutorial

Configuring MSSQL Windows Integrated Security in GEN1 and Gen2

  • 14 January 2022

Installing Kerberos

On Linux, connecting to MSSQL with Windows integrated security requires the Kerberos client to be installed.

  1. In a terminal, run the following to install Kerberos on your workstation:

yum install krb5-server krb5-libs krb5-workstation

  2. Create a krb5.conf file. Below is an example; note that yours may differ:

[libdefaults]
forwardable = true
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[domain_realm]

[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log

[realms]
EXAMPLE.NET = {
admin_server = 123.123.123.123
kdc = abc.example.net
}

  3. In a terminal, run:

kinit -V -c krb5cc firstname.lastname@EXAMPLE.NET

Enter your password and wait for the message: Authenticated to Kerberos

  4. Authenticate to the SQL Server service with the following:

kinit -V -c krb5cc -S MSSQLSvc/MSDB.example.net:1433 firstname.lastname@EXAMPLE.NET

Enter your password and wait for the message: Authenticated to Kerberos

Kerberos authentication now works on your Linux workstation!

 

Enable the connection in ONE Desktop (GEN1 and GEN2)

  1. Pass the following Java property in one-ide.ini:

-Djava.security.krb5.conf=/etc/krb5.conf

  2. Use the following connection string:

jdbc:sqlserver://msdb.example.net:1433;databaseName=test;integratedsecurity=true;authenticationScheme=JavaKerberos;serverSpn=MSSQLSvc/MSDB.example.net:1433

username: firstname.lastname@EXAMPLE.NET

password: your Windows password

 

Enable the connection in ONE GEN 2

  1. The DPE must be started with the following Java property:

-Djava.security.krb5.conf=/etc/krb5.conf

  2. Add it to the JAVA_OPTS environment variable.

Enable the connection in ONE GEN 1

  1. Pass the following Java property in JAVA_OPTS in start_one_tomcat.sh:

-Djava.security.krb5.conf=/etc/krb5.conf

  2. The connection string and credentials are the same as in ONE Desktop (see above).

 

Troubleshooting:

  1. If you still cannot connect to the MSSQL database, pass this Java property in one-ide.ini:

    -Dsun.security.krb5.debug=true

  2. Start the IDE from the terminal and try to connect to your database again. Check the requests in the terminal: are they reaching the database, is it the correct host, and so on.
  3. In a second terminal, execute the following to connect via Kerberos:

export KRB5_TRACE=/dev/stdout
kinit -V -c krb5cc -S MSSQLSvc/MSDB.example.net:1433 firstname.lastname@EXAMPLE.NET

  4. Compare the requests from the IDE terminal and the terminal used for Kerberos (steps 2 and 3). The connection should be reaching the same host.
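
The connection string, the principal and krb5.conf have to agree: serverSpn must name the host and port in the URL, and the realm after the @ must have a block under [realms]. The script below is an added example, not part of the original tutorial or of the product; it checks this offline before you start the IDE. Its function names and its case-insensitive comparisons are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): consistency check for the
# connection string, principal and krb5.conf used in this tutorial.

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Value of a ;key=value property in a JDBC URL. Key match is case-insensitive
# (assumption; the page itself writes "integratedsecurity" in lower case).
jdbc_prop() {
  printf '%s\n' "$1" | tr ';' '\n' | awk -F= -v k="$2" \
    'NR > 1 && tolower($1) == tolower(k) { sub(/^[^=]*=/, ""); print; exit }'
}

# host:port part of jdbc:sqlserver://host:port;...
jdbc_hostport() {
  printf '%s\n' "$1" | sed -n 's|^jdbc:sqlserver://\([^;/]*\).*|\1|p'
}

# Succeeds if the [realms] section of krb5.conf ($1) opens a block for realm $2.
realm_defined() {
  awk -v r="$2" '
    /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); next }
    in_realms && $1 == r && $2 == "=" { found = 1 }
    END { exit !found }' "$1"
}

# Prints one line per inconsistency; returns non-zero if any was found.
check_mssql_krb() {  # args: jdbc-url principal krb5.conf
  local url="$1" realm="${2#*@}" conf="$3" bad=0 spn hostport
  spn=$(jdbc_prop "$url" serverSpn)
  hostport=$(jdbc_hostport "$url")
  [ "$(lc "$(jdbc_prop "$url" integratedSecurity)")" = true ] ||
    { echo "integratedSecurity is not true"; bad=1; }
  [ "$(lc "$(jdbc_prop "$url" authenticationScheme)")" = javakerberos ] ||
    { echo "authenticationScheme is not JavaKerberos"; bad=1; }
  # SPNs are compared case-insensitively here, as Active Directory does.
  [ "$(lc "$spn")" = "mssqlsvc/$(lc "$hostport")" ] ||
    { echo "serverSpn '$spn' does not match URL host '$hostport'"; bad=1; }
  realm_defined "$conf" "$realm" ||
    { echo "realm '$realm' has no block under [realms] in $conf"; bad=1; }
  return "$bad"
}

# Usage: check.sh 'jdbc:sqlserver://...' user@REALM [/etc/krb5.conf]
if [ "$#" -ge 2 ]; then check_mssql_krb "$1" "$2" "${3:-/etc/krb5.conf}"; fi
```

Quote the connection string on the command line, since it contains semicolons. The script prints nothing and exits 0 when the three settings agree.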
