ARTIFACTORY: How to configure Artifactory to use Kerberized PostgreSQL

马修•王
2023-01-22 11:06

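Subject:

How do I connect Artifactory to Postgres with Kerberos enabled?

Resolution:

To do this, set up a Kerberos server and perform the following steps:

1) On the KDC server, create a keytab file for the Artifactory user: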

$ ktutil
ktutil:  add_entry -password -p artifactory@TEST.CA -k 1 -e aes256-cts-hmac-sha1-96
ktutil:  wkt artifactory.keytab
ktutil:  quit

2) Copy artifactory.keytab to a location that Artifactory can read. In this example, I will use /var/opt/jfrog/artifactory/etc/artifactory.keytab. Change the ownership of the file to the artifactory user.

3) Log in as the artifactory user: su -s /bin/bash artifactory

4) Run: kinit artifactory

5) Add the following Java parameters:
-Dsun.security.krb5.debug=true -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=/var/opt/jfrog/artifactory/jaas.conf -Dsun.security.jgss.native=true

6) Configure Artifactory:

- 6.x in $ARTIFACTORY_HOME/etc/db.properties:

"jdbc:postgresql://pg.test.ca:5432/artifactory?gssEncMode=require&loggerLevel=TRACE&loggerFile=/var/opt/jfrog/artifactory/pgjdbc-trace.log"

- 7.x in $JFROG_HOME/var/etc/system.yaml (Versions 7.39.x and above):

shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: "jdbc:postgresql://pg.test.ca:5432/artifactory?gssEncMode=require&loggerLevel=TRACE&loggerFile=/var/opt/jfrog/artifactory/log/pgjdbc-trace.log"
    username: artifactory
    password: password
    kerberosAuth: true

7) Create /var/opt/jfrog/artifactory/jaas.conf for the artifactory user:

pgjdbc {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useTicketCache=true
renewTGT=true
debug=true
useKeyTab=true
keyTab="/var/opt/jfrog/artifactory/etc/artifactory.keytab"
principal="artifactory@TEST.CA";
};
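
The keytab from steps 1-2 holds the service account's long-term key, and the settings in steps 5-7 turn on Kerberos and pgjdbc debug/trace logging for troubleshooting. The following script is an added example, not part of the original article or JFrog tooling: it reads the keyTab path out of jaas.conf, checks that the file is not accessible to group or other, and lists any of the article's debug switches still enabled in the files it is given. The function names and the choice of "owner-only" as the expected mode are assumptions of this example.

```shell
#!/bin/sh
# Added example, not JFrog tooling: audit the files created in steps 1-7.

# jaas_value KEY FILE -> value of the first KEY="..." option in a JAAS file
jaas_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# keytab_private FILE -> 0 when FILE exists and group/other have no mode bits
# (POSIX mode bits only; ACLs are not inspected)
keytab_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# debug_switches FILE... -> prints file:line:match for each troubleshooting
# switch from the article that is still on; returns 1 when none are found
debug_switches() {
    grep -HnoE 'sun\.security\.krb5\.debug=true|loggerLevel=TRACE|^[[:space:]]*debug[[:space:]]*=[[:space:]]*true' "$@"
}

# audit JAAS_CONF [CONFIG...] -> prints findings, returns how many there are
audit() {
    findings=0
    kt=$(jaas_value keyTab "$1")
    if ! keytab_private "$kt"; then
        echo "FAIL keytab '$kt' is missing or accessible to group/other"
        findings=$((findings + 1))
    fi
    if debug_switches "$@"; then
        echo "WARN Kerberos/pgjdbc debug logging is still enabled (lines above)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Example: sh audit.sh /var/opt/jfrog/artifactory/jaas.conf "$JFROG_HOME/var/etc/system.yaml"
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it once the connection works; an exit status of 0 means the keytab is owner-only and no debug switch was found in the files passed in.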

Further reading that may be helpful:
https://www.highgo.ca/2020/03/18/postgresql-gssapi-authentication-with-kerberos-part-1-how-to-setup-kerberos-on-ubuntu/
https://www.highgo.ca/2020/03/26/postgresql-gssapi-authentication-with-kerberos-part-2-postgresql-configuration/