Connecting to SAP HANA using Kerberos delegation via JDBC

Former Member

I am able to connect to an SAP HANA instance using JDBC using Kerberos authentication using just the connection string "jdbc:sap://hanamachine:30015/". This connection goes through as the user logged into my client (Windows) machine. However, I want to connect to the HANA instance as another user (as I need to support single sign-on in a double hop scenario). Here are things I tried but they failed:

a) I ran kinit and created a TGT for the other user on the client machine. Ran the JDBC connectivity code using the connection string as above. The connection goes through as the user logged into the machine, not as the other user. This makes sense because I have not told the SAP/JDBC code anything about the other user.

b) I used the connection URL "jdbc:sap://hanamachine:30015/?user=otheruser". This failed with an invalid username/password exception (SQLInvalidAuthorizationSpecException). I tried this as the ODBC driver expects a username and no password when doing Kerberos.

c) I did S4U2SELF on behalf of the other user, added the credential to Subject and launched a privileged action as that Subject. The privileged action code just connects to the HANA DB. Even in this case, the DB connection goes through as the user logged into the machine, not as the other user, although the access control context of the privileged action clearly shows that it is the context of the other user.

What do I do to connect to SAP HANA via their JDBC driver as a user who is not logged into the machine? Maybe there is a connection property that I am missing?

To provide more context, I am launching my test application like so: "java -Djava.security.auth.login.config=SampleClient.conf -Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.krb5.conf=krb5.ini -Dsun.security.krb5.debug=true MyJDBCTestApp"

Thanks, Ed
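
A diagnostic for attempt (c), added here as an example and not part of the original post: it reports which Kerberos principal JGSS selects as initiator inside `Subject.doAs`, which shows whether the Subject's credential is used or whether JGSS fell back to another source (permitted when `javax.security.auth.useSubjectCredsOnly=false`). The class name, the JAAS entry name `SampleClient`, and a JAAS entry that logs in without prompting (ticket cache or keytab) are assumptions; the check covers the JGSS layer only, since the page does not say how the JDBC driver obtains its credential.

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

public class WhoAmIKerberos {
    // Kerberos V5 GSS-API mechanism OID
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";

    /** Principal JGSS would use as initiator in the calling context. */
    static String initiatorName() throws Exception {
        GSSCredential cred = GSSManager.getInstance().createCredential(
                null, GSSCredential.DEFAULT_LIFETIME,
                new Oid(KRB5_OID), GSSCredential.INITIATE_ONLY);
        try {
            return cred.getName().toString();
        } finally {
            cred.dispose();
        }
    }

    /** Same lookup, executed with the given Subject bound to the context. */
    static String initiatorNameAs(Subject subject) throws Exception {
        return Subject.doAs(subject,
                (PrivilegedExceptionAction<String>) WhoAmIKerberos::initiatorName);
    }

    public static void main(String[] args) throws Exception {
        // Assumed JAAS entry name; pass another one as the first argument.
        LoginContext lc = new LoginContext(args.length > 0 ? args[0] : "SampleClient");
        lc.login();
        Subject subject = lc.getSubject();

        System.out.println("useSubjectCredsOnly = "
                + System.getProperty("javax.security.auth.useSubjectCredsOnly"));
        System.out.println("Subject principals  = " + subject.getPrincipals());
        System.out.println("JGSS initiator      = " + initiatorNameAs(subject));
    }
}
```

`initiatorNameAs` accepts any Subject, so it can also be called with the Subject that holds the S4U2Self credential. Run it with the same `-D` options as the test application, once with `useSubjectCredsOnly=false` and once with `true`, and compare the reported initiator.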

Accepted Solutions (0)

Answers (1)

Former Member

Hi, I was wondering how you are able to connect to your HANA server via single sign-on. In my case I don't need the double hop, just the login settings that you already seem to have. Would you mind sharing that? I have a BI server (not Business Objects) which is connecting to HANA, but our HANA implementation has a single-sign-on integration with Kerberos.

Thanks!