microsoft/mssql-jdbc

[FEATURE REQUEST] Add getter and setter methods for Ticket Credential Cache to be used with Kerberos Authentication

Tickloop opened this issue · 1 comments

Tickloop commented

Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it

Scenario: Your application is connecting to multiple databases using Kerberos authentication. You have credential ticket caches that are used for Kerberos authentication. The system can have multiple credential caches and at present, there isn't a clean method to specify a path to a credential ticket cache for making a connection.

Describe the preferred solution

Adding getter and setter methods for credential ticket cache will be helpful
OR
Expose a driver property that can be get/set.

Describe alternatives you've considered

JAAS config files can be used, as you can specify a path to the ticket cache, but in case when databases are added by users of the application, you wouldn't want to create JAAS config files for each database connection.

Additional context

How we have handled this at present is we set a system property "oracle.net.kerberos5_cc_name" which is sufficient to point the driver to the ticket cache.

System.setProperty( "oracle. net.kerberos5_cc_name" , "/path/to/Ccahe/file") ;

And this allows us to switch between different CCache files.
However, a cleaner and self contained solution would be preferable

Reference Documentations/Specifications

MSSQL connection properties: Setting the connection properties

It would be nice to have ticketCachePath as a driver property in here, since useTicketCache is already a connection property.

Reference Implementation

A short article I wrote about handling multiple credential cache files when connecting to MSSQL using Kerberos is the best I could find on this issue:

How to specify Kerberos credentials cache file for JDBC SQL Server driver

Jeffery-Wasty commented

Hi @Tickloop,

Thank you for submitting the feature request. We'll take a look at this during our next triage and decide on if/when we think this can be introduced.

We also welcome public PRs. If you're able to, submitting a PR that introduces the feature makes it more likely that this will be included sooner, rather than later. Otherwise, we will plan this alongside other fixes and features, and release accordingly.