Saturday, May 25, 2013

26 Microsoft JDBC Driver 4.0 for SQL Server support cross realm Kerberos authentication !! really?

I am not going to discuss how to configure Kerberos authentication for SQL Server here. It is too big of topic and you can find out plenty of resource online. However, I do like to share my experience for working with JDBC drivers for cross realm Kerberos authentication here .

Assuming you have configure your domain controller, KDC, SPN for SQL server properly.

MSFT provided 2 ways for intergrade security in this release of JDBC driver.

  • sqljdbc_auth.dll, –> As you can guess from the name, this would only works on windows platform. You can vote through the Microsoft Connect (Link here), if you like to get it fixed. Base on the current voting, I think there is a little hope it ever get implemented.
  • Java Generic Security Service (JGSS) : From 4.0, JDBC can support pure java Kerberos authentication.


Few things need to be pay attention when use the JGSS.

  • authenticationScheme=JavaKerberos,
  • integratedSecurity=true
  • serverName must set to use FQDN , for example:
  • The SQL Server is not necessary to use default port, Name instance and custom port number is supported

Even, we have set up everything properly but the cross realm still does not work. What went wrong?

What book on line does not tell you is the krb5.conf ‘s default realm must be the same realm as SQL server .

What ?  Ya, it is by design …

So when JDBC send the SPN to the KDC to get the tkt, it would append the krb5.conf’s default realm as part of search parameter. If the default realm is not the SQL server realm, for example, the Linux realm should not be the same realm as windows, the KDC would return the message that it can not find the server in the database.

Is it a bug? I think so. At least, it should not claim the JDBC support Kerberos authentication in cross realm


Base on product team, this behavior is actually by design and not consider as a bug.

Once I changed the default realm to the windows realm in krb5.conf. Kerberos connectivity works fine. But is this really a solution? NO, it is just a hack .

I am really hoping they can fix this soon…



0 Free eBook: Graph Database

Thursday, May 23, 2013

2 Teradata Express & Teradata Studio

Teradata offer 2 different ways to try their database platform for the evaluation purpose. Amazon EC2 and the Virtual machine. Since to get the access the Teradata enterprise is very expensive. Using the express edition is the good way to start and for learning purpose.


Teradata Express

Teradata express 14 has 3 different size to download. 4GB, 40GB and 1TB. The size does not indicate it needs that much disk space to start the vm but it is actually the MAX size the database can allow .  For the 1TB version, it tacks about the 35GB disk space for the starter .

Important:  When start the VM, the vmware would ask you “move it” or “copy it”. Make sure only choice “move”



username: root

password: root





Teradata Studio

Teradata Studio is the eclipse base client tool. There are three options for the Teradata studio, Teradata studio express, Teradata studio and Teradata studio eclipse plugin.

I am not the big fan for using the eclipse base on my previous experience with IBM data studio.

The main difference between express version is that the express version lack of the Admin features.

username: dbc

password: dbc






Sunday, May 19, 2013

0 Getting Start with DB2 10.1

This post is base on “VMware virtual machine with DB2 Enterprise 10.1 trial (64 bit) on SUSE Linux Enterprise Server 11 SP2”.

Download the virtual appliance from IBM website and uncompress the file into the folder.


You can also use the image from IBM DB2 discovery kit but the image but it is 32-bit image.

Use VMware to open the file and then follow the instruction to start up.


The setup process is very straight forward.




default user: db2inst1




Connect from Data Studio:

The default port number is 50001




Saturday, May 18, 2013

3 Extend Windows 2012 Evaluation Period

After the evaluation period is end, you will see the “Activate Windows” reminder on the desktop.


The slmgr.vbs /dli or /xpr would show the license status as “Notification”


Sunday, May 5, 2013

1 Corruption on sys.ifts_comp_fragment_xxxx_yyyy

Somehow, I got the corruption on the sys.ifts_comp_fragment_xxxx_yyyy while running DBCC checkDB.

While the table does not actual exist but the sys.ifts_comp_fragment_xxxx_yyyy is translate from the actual system table - Sys.fulltext_index_fragments

The system table Sys.fulltext_index_fragments contains the fragmentation information for full text index.

XXXX is the object id of the table where has the full text index. YYYY is the fragment id.

According to the MSDN blog here, the author suggest to drop/recreate the full text catalog to resolve the issue.

My case has a slightly difference situation. The base table where the full text index exist has actually page corruption. So I have to fix the corruption first ( DBCC CHECKDB REPAIR_REBUIL … etc).






SQL Panda Copyright © 2011 - |- Template created by O Pregador - |- Powered by Blogger Templates