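ARTIFACTORY: How to configure Artifactory to use Kerberized PostgreSQL

Matthew Wang
2022-08-16 21:22

Subject:

How do I connect Artifactory to a Kerberos-enabled Postgres?

Resolution:

To do this, set up a Kerberos server and perform the following steps: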

1) On the KDC server, create a keytab file for the Artifactory user:

$ ktutil
ktutil: add_entry -password -p artifactory@test.ca -k 1 -e aes256-cts-hmac-sha1-96
ktutil: wkt artifactory.keytab
ktutil: quit

2) Copy the keytab file to a location that Artifactory can read. In this example, I will use /var/opt/jfrog/artifactory/etc/artifactory.keytab. Change the ownership of the file to the artifactory user.

3) Log in as the artifactory user: su -s /bin/bash artifactory

4) Run: kinit artifactory
5) Add the following Java parameters:
-Dsun.security.krb5.debug=true -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=/var/opt/jfrog/artifactory/jaas.conf -Dsun.security.jgss.native=true

6) Configure Artifactory:

-- 6.x in $ARTIFACTORY_HOME/etc/db.properties:

"jdbc:postgresql://pg.test.ca:5432/artifactory?gssEncMode=require&loggerLevel=TRACE&loggerFile=/var/opt/jfrog/artifactory/pgjdbc-trace.log"

-- 7.x in $JFROG_HOME/var/etc/system.yaml (Versions 7.39.x and above):

shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: "jdbc:postgresql://pg.test.ca:5432/artifactory?gssEncMode=require&loggerLevel=TRACE&loggerFile=/var/opt/jfrog/artifactory/log/pgjdbc-trace.log"
    username: artifactory
    password: password
    kerberosAuth: true

7) Create

/var/opt/jfrog/artifactory/jaas.conf

pgjdbc {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    useTicketCache=true
    renewTGT=true
    debug=true
    useKeyTab=true
    keyTab="/var/opt/jfrog/artifactory/etc/artifactory.keytab"
    principal="artifactory@TEST.CA";
};
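
The shell functions below are an added example, not part of the original article or of JFrog's tooling; the function names are hypothetical and the paths and URLs are the ones used in the steps above. They check three things that commonly break or weaken this setup: the keytab is not accessible to group or other, the JDBC URL sets gssEncMode=require, and the principal stored in the keytab matches the JAAS principal exactly (realms are case-sensitive, so artifactory@test.ca and artifactory@TEST.CA are different principals).

```shell
#!/bin/sh
# Added example (not JFrog code): sanity checks for steps 1-7 above.
# Function names are hypothetical; paths and URLs are the article's.

# A keytab is a long-term credential, so group/other need no access to it.
keytab_perms_ok() {
    [ -f "$1" ] || { echo "missing keytab: $1" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ] && return 0
    echo "$1 is accessible to group/other ($bits); use chmod 600" >&2
    return 1
}

# Only gssEncMode=require guarantees a GSSAPI-encrypted session; the other
# pgjdbc modes permit a plaintext connection.
jdbc_url_requires_gss() {
    case "$1" in
        *\?*) query=${1#*\?} ;;
        *)    query="" ;;
    esac
    case "&$query&" in
        *"&gssEncMode=require&"*) return 0 ;;
    esac
    echo "JDBC URL does not set gssEncMode=require" >&2
    return 1
}

# Reads `klist -k <keytab>` output on stdin and succeeds only if the JAAS
# principal appears exactly. Realms are case-sensitive.
keytab_has_principal() {
    awk -v want="$1" '$1 ~ /^[0-9]+$/ && $2 == want { found = 1 }
                      END { exit found ? 0 : 1 }'
}

# Usage on the Artifactory host, as the artifactory user:
#   keytab_perms_ok /var/opt/jfrog/artifactory/etc/artifactory.keytab
#   klist -k /var/opt/jfrog/artifactory/etc/artifactory.keytab |
#       keytab_has_principal "artifactory@TEST.CA"
```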

Further reading that may help:
https://www.highgo.ca/2020/03/18/postgresql-gssapi-authentication-with-kerberos-part-1-how-to-setup-kerberos-on-ubuntu/
https://www.highgo.ca/2020/03/26/postgresql-gssapi-authentication-with-kerberos-part-2-postgresql-configuration/