Does Kerberos connection to the SQL server needs password to be supplied in connection properties?

Question

I am trying to connect to sql server by using keytab and it throws below error

com.microsoft.sqlserver.jdbc.SQLServerException: Cannot login with Kerb

Answer 1

The client needs to be authenticated to the domain first. e.g. on Linux and MacOS using MIT Kerberos, you can use the kinit command to get a kerberos ticket.

Once granted you can then authenticate to Sql via that ticket without supplying anything else.

[Update]

If your host and target are both on a Windows domain and they're on the same domain, then you should already be good to go.

That said, Sql will only allow you to authenticate using Kerberos if the service account that is running the engine has privileges to create a Service Principal Name (or a user with appropriate rights has created a SPN with the setSPN command).

You can tell if Sql's been able to register the SPN by looking at the Sql Error Log for text like

The SQL Server Network Interface library successfully registered the Service Principal Name (SPN) [ MSSQLSvc/MySqlServerHostName:1433 ] for the SQL Server service

There's a lot to Kerberos than can be covered in just a StackOverflow Answer.