This answer is not correct. I was able to connect to SQL server from PCF, using kerberos.
First I created a user id and password for connecting to the database and checked with Windows authentication whether I am able to connect to the DB.
Then I created a krb5.config.
A sample file
[libdefaults]
renew_lifetime = 7d
forwardable = false
default_realm = ABC.NET
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#hortonworks hive jdbc troubleshooting
udp_preference_limit = 1
[domain_realm]
abc.net = ABC.NET
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
ABC.NET = {
admin_server = server.abc.net
kdc = server.abc.net
}
Followed by this I created a SQLDriver Config file:
SQLJDBCDriver {
com.sun.security.auth.module.Krb5LoginModule required
debug=true
useTicketCache=true
renewTGT=true
ticketCache="/home/vcap/app/krb_ticket"
useKeyTab=true
keyTab="/home/vcap/app/BOOT-INF/classes/test.keytab"
principal="userid@ABC.NET"
useFirstPass=true
tryFirstPass=true
storePass=true
storeKey=true
serviceName="database-host-name"
}
JAVA_OPTS: -XX:ParallelGCThreads=8 -XX:MaxPermSize=2048m -XX:+UseConcMarkSweepGC -XX:+UseCompressedOops -XX:MaxDirectMemorySize=512m -Duser.timezone="America/Chicago" -DLOG_FILE="/home/vcap/logs/activity.log" -Djava.security.krb5.conf=/home/vcap/app/BOOT-INF/classes/krb5-test.conf -Dsun.security.krb5.debug=true -Djava.security.krb5.realm=ABC.NET -Djava.security.krb5.kdc=server.abc.net -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=/home/vcap/app/BOOT-INF/classes/mssql-jdbc-test.conf
doNotPrompt=true;
};
DataSource config
I included all the config files in the resources folder.
It worked for me
