[FEATURE REQUEST] When performing Kerberos auth, add option to skip JAAS login on Windows #2172

Closed
zeotuan opened this issue Jul 24, 2023 · 4 comments · Fixed by #2177
Labels
Enhancement An enhancement to the driver. Lower priority than bugs.
zeotuan commented Jul 24, 2023

Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it

In order to connect with the JavaKerberos authentication scheme, one option is to use native platform GSS integration.
This can be done by setting the connection property gsscredential (org.ietf.jgss.GSSCredential).
https://learn.microsoft.com/en-us/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server?view=sql-server-ver16#native-platform-gss-integration

If gsscredential is not provided, then mssql-jdbc will try to perform JAAS login before creating the credential (this doesn't work on Windows machines that have Credential Guard enabled).

This does not work nicely with Spark, since it only supports String type for connection property values and will throw a casting error.

Describe the preferred solution

Add a new connection property to tell mssql-jdbc to create a GSSCredential for the user without having to explicitly provide one or attempting to perform JAAS login.

For example, in PostgreSQL, setting jaasLogin=false makes the JDBC driver create a GSSCredential without attempting JAAS login.

Describe alternatives you've considered

Currently, in order to use native GSS to authenticate to SQL Server using mssql-jdbc with Spark, I have to write a wrapper JDBC class that helps create the GSSCredential by reading an additional custom property.

Reference Documentations/Specifications

postgres doc
https://jdbc.postgresql.org/documentation/use/#:~:text=for%20example%20if%20the%20native%20GSS%20implementation%20is%20being%20used%20to%20obtain%20credentials%2C%20set%20this%20to%20false%20.

Reference Implementation

How it's done in postgres https://github.com/pgjdbc/pgjdbc/blob/master/pgjdbc/src/main/java/org/postgresql/gss/MakeGSS.java#L135

I will submit a related PR
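
A sketch of the kind of wrapper described under "alternatives" above, added here as an example; it is not code from mssql-jdbc or from the issue author. The class name and the `example.useNativeGss` switch are hypothetical, and the JVM options in the comment are assumed to be set so that the JDK uses the platform GSS library.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

// Assumed JVM options for native GSS:
//   -Dsun.security.jgss.native=true -Djavax.security.auth.useSubjectCredsOnly=false
public final class NativeGssConnect {
    // Hypothetical String-valued switch that a String-only caller such as Spark can set.
    static final String USE_NATIVE_GSS = "example.useNativeGss";
    private static final String KRB5_MECH_OID = "1.2.840.113554.1.2.2"; // Kerberos V5

    /** Returns a copy of the caller's properties with a GSSCredential attached when requested. */
    static Properties withNativeCredential(Properties in) throws GSSException {
        Properties out = new Properties();
        out.putAll(in);
        // Strip the custom switch so the driver never sees an unknown property.
        boolean requested = Boolean.parseBoolean(String.valueOf(out.remove(USE_NATIVE_GSS)));
        if (!requested || out.get("gsscredential") instanceof GSSCredential) {
            return out; // nothing to do, or the caller already supplied a credential
        }
        // A null name selects the default principal from the platform credential cache;
        // INITIATE_ONLY because a client never accepts security contexts.
        GSSCredential cred = GSSManager.getInstance().createCredential(
                null, GSSCredential.DEFAULT_LIFETIME, new Oid(KRB5_MECH_OID),
                GSSCredential.INITIATE_ONLY);
        out.put("gsscredential", cred);
        out.setProperty("integratedSecurity", "true");
        out.setProperty("authenticationScheme", "JavaKerberos");
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args[0] is a JDBC URL such as jdbc:sqlserver://<host>;databaseName=<db> (placeholders).
        Properties props = new Properties();
        props.setProperty(USE_NATIVE_GSS, "true"); // all the caller has to pass is a String
        try (Connection c = DriverManager.getConnection(args[0], withNativeCredential(props))) {
            System.out.println("Connected as " + c.getMetaData().getUserName());
        }
    }
}
```

Because the credential is created with `INITIATE_ONLY` and taken from the existing platform cache, the wrapper never handles a password or keytab itself.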

tkyc commented Jul 24, 2023

Thanks for looking into submitting a PR. Agreed, the driver's native platform GSS integration isn't as flexible as we'd like.

@tkyc tkyc added the Enhancement An enhancement to the driver. Lower priority than bugs. label Jul 24, 2023
@lilgreenbird lilgreenbird added this to Under Investigation in MSSQL JDBC via automation Aug 16, 2023
@Jeffery-Wasty Jeffery-Wasty linked a pull request Oct 17, 2023 that will close this issue
MSSQL JDBC automation moved this from Under Investigation to Closed Issues Oct 17, 2023

ecki commented Jan 30, 2024

Btw why is there still a need for the native auth DLL, can it do something which the native-gss cannot do?

tkyc commented Jan 30, 2024

Someone from the team can correct me if I'm wrong or lacking details.

The driver uses the auth DLL to perform integrated windows authentication because we still rely on the native ADAL library. We'd like to move away from ADAL and depend completely on msal4j, but msal4j's integrated windows auth flow requires us to specify the username.

ecki commented Feb 2, 2024

@tkyc yes it uses it for that, but for JavaKerberos with native OS cache it should not need it, since JVM implements it (on Windows).
