[FEATURE REQUEST] when performing Kerberos Auth, Adds option to skip JAAS login on window #2172
Labels
Enhancement
An enhancement to the driver. Lower priority than bugs.
Projects
Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it
In order to perform connection with JavaKerberos authenticaiton scheme, one option is to use Native platform GSS integration.
This can be done by setting a connection Properties gsscredential (org.ietf.jgss.GSSCredential).
https://learn.microsoft.com/en-us/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server?view=sql-server-ver16#native-platform-gss-integration
If gsscredential is not provided then mssql-jdbc will try to perform JAAS login before creating the credential (doesn't work on window machine that have credential guard enabled)
This does not work nicely with spark since it only support String type for connection properties value and will throw casting error.
Describe the preferred solution
add a new properties property to tell mssql-jdbc to create a GSSCredential for the user without having to explicitly provide one or attempting to perform JASS login
For example, In postgresql, setting jaasLogin=false and the jdbc will create GssCredential without attempting JAAS login
Describe alternatives you've considered
Currently, In order to use native gss to authenticate to SQLserver usimg mssql-jdbc with spark, I have to write a wrapper jdbc class that help creating the GSSCredential by reading additional custom property
Reference Documentations/Specifications
postgres doc
https://jdbc.postgresql.org/documentation/use/#:~:text=for%20example%20if%20the%20native%20GSS%20implementation%20is%20being%20used%20to%20obtain%20credentials%2C%20set%20this%20to%20false%20.
Reference Implementation
How it's done in postgres https://github.com/pgjdbc/pgjdbc/blob/master/pgjdbc/src/main/java/org/postgresql/gss/MakeGSS.java#L135
I will Submit a Related PR
The text was updated successfully, but these errors were encountered: