在 Docker 中使用 Python 通过 Azure AD MFA 连接到 SQL Server 数据库

我正在尝试设置一个 Python Docker 容器，我可以使用 Azure Active Directory MFA 连接到多个 SQL Server 数据库。

我创建了 Docker 文件，如下所示。这个构建没问题，我在 VSCode devcontainer 中使用它，但不确定我是否已正确获取所有 sql server/odbc 内容，因为我无法做到这一点。我可以在其他应用程序中成功连接到数据库，但不能从容器内成功连接到数据库。

# Docker image with Python3, poyodbc, MS ODBC 18 driver (SQL Server)

# Use official Python image
FROM python:3.10-bullseye

# Set working directory
WORKDIR /app

# Send Python output streams to container log
ENV PYTHONUNBUFFERED 1

# Update apt-get
RUN apt-get update

# Install ggc
RUN apt-get install gcc

# pyodbc dependencies
RUN apt-get install -y tdsodbc unixodbc-dev
RUN apt install unixodbc -y
RUN apt-get clean -y
ADD odbcinst.ini /etc/odbcinst.ini

# ODBC driver dependencies
RUN apt-get install apt-transport-https 
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
RUN curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update

# Install ODBC driver
RUN ACCEPT_EULA=Y apt-get install msodbcsql18 --assume-yes

# Configure ENV for /bin/bash to use MSODBCSQL18
RUN echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile 
RUN echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc 

# Upgrade pip
RUN pip3 install --upgrade pip3

# Install Python libraries from requirements.txt
COPY requirements.txt requirements.txt
RUN pip3 install -r requirements.txt

# Copy project code into image
COPY . .

在容器内，我正在运行一个 python 脚本，该脚本尝试使用 pyodbc 连接到 SQL Server 数据库，如下所示：

import pandas as pd
import pyodbc 

conn = pyodbc.connect('Driver={ODBC Driver 18 for SQL Server};'
                      'Server=<my-server-name>;'
                      'Database=<my-db-name>;'
                      'Trusted_Connection=yes;')

cursor = conn.cursor()

我已将

Trusted_Connection

设置为“yes”，这应该允许使用 MFA，但大概只能在 Windows 下使用。相反，我收到错误消息：

Error: ('HY000', '[HY000] [Microsoft][ODBC Driver 18 for SQL Server]SSPI Provider: No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0) (851968) (SQLDriverConnect)')

我对 Kerberos 一点也不熟悉，但似乎我应该能够使用

kinit

获得票证。阅读文档，看起来我需要将 kinit 安装到容器中并创建文件 krb5.conf 但我不确定如何弄清楚该文件中需要包含哪些内容，或者即使这是正确的完全接近。任何人都可以通过此身份验证步骤为我指明正确的方向吗？

# Docker image with Python3, poyodbc, MS ODBC 18 driver (SQL Server)

# Use official Python base image
FROM python:3.11-bullseye

# Set working directory
WORKDIR /app

# Send Python output streams to container log
ENV PYTHONUNBUFFERED 1

# Update apt-get
RUN apt-get update

# Install ggc
RUN apt-get install gcc

# Install FreeTDS and dependencies
RUN apt-get install unixodbc -y
RUN apt-get install unixodbc-dev -y
RUN apt-get install freetds-dev -y
RUN apt-get install freetds-bin -y
RUN apt-get install tdsodbc -y
RUN apt-get install --reinstall build-essential -y

# Populate "odbcinst.ini" file
RUN echo "[FreeTDS]\n\
Description = FreeTDS unixODBC Driver\n\
Driver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\n\
Setup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so" >> /etc/odbcinst.ini

# ODBC driver dependencies
RUN apt-get install apt-transport-https 
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
RUN curl https://packages.microsoft.com/config/debian/11/prod.list > /etc/apt/sources.list.d/mssql-release.list

# Install ODBC driver
RUN apt-get update
RUN ACCEPT_EULA=Y apt-get install -y msodbcsql18
RUN ACCEPT_EULA=Y apt-get install -y mssql-tools18

# Configure ENV for /bin/bash to use MSODBCSQL18
RUN echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bash_profile 
RUN echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bashrc 

# Install Python libraries from requirements.txt
COPY requirements.txt ./
RUN pip3 install -r requirements.txt

# Copy project code into image
COPY . .

    "features": {
        "ghcr.io/devcontainers/features/azure-cli:1": {}
    },