Configure Vertica SQL on Hadoop as a ADS Data Source & Kerberos Authentication
Article ID: KB0082855
Updated On:
| Products | Versions |
|---|---|
| TIBCO Data Virtualization | ALL VERSIONS |
Description
Configure Vertica SQL on Hadoop as a ADS Data Source & Kerberos Authentication
Issue/Introduction
How to Configure Vertica SQL on Hadoop as a ADS Data Source & Kerberos Authentication
Resolution
By configuring a JAAS.config tagged with the default “verticajdbc” name, the Krb5LoginModule authentication will be invoked and the Vertica
v 8.x JDBC driver will handle the Kerberos credentials of ADS “pass-through” users & the data source stored credentials – totally transparent to ADS. And the existing PAM support for Hive is compatible too.
Content of jaas.config file:
verticajdbc {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
useKeyTab=false
storeKey=true
isInitiator=true
renewTicket=true
doNotPrompt=false
debug=true;
};
NOTE: The debug=true is optional and sends useful debug output to stdout.
Please follow below mentioned steps:
1. Copy the jaas.config file to a well-known folder <my_kerberos_config_folder>.
2. Copy the krb5.conf file to a well-known folder <my_kerberos_config_folder>.
3. Add this config line: login.config.url.1=file: <my_kerberos_config_folder>/jaas.config in the Java config file: <JRE Home>/ lib/security/ java.security to source the jaas.config file. Or, set the Java system property in the ADS server’s start-up script: java.security.auth.login.config (NOTE: If you are using the system property setting, be aware server ADS bin folder scripts can be overwritten due to configuration changes and patches/hot fixes – the change applied to the java.security file is recommended).
4. Set the ADS configuration setting Server >> Configuration >> Security >> Authentication >> Kerberos >> Kerberos Configuration File to point to the krb5.conf file - <my_kerberos_config_folder>/krb5.conf
v 8.x JDBC driver will handle the Kerberos credentials of ADS “pass-through” users & the data source stored credentials – totally transparent to ADS. And the existing PAM support for Hive is compatible too.
Content of jaas.config file:
verticajdbc {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
useKeyTab=false
storeKey=true
isInitiator=true
renewTicket=true
doNotPrompt=false
debug=true;
};
NOTE: The debug=true is optional and sends useful debug output to stdout.
Please follow below mentioned steps:
1. Copy the jaas.config file to a well-known folder <my_kerberos_config_folder>.
2. Copy the krb5.conf file to a well-known folder <my_kerberos_config_folder>.
3. Add this config line: login.config.url.1=file: <my_kerberos_config_folder>/jaas.config in the Java config file: <JRE Home>/ lib/security/ java.security to source the jaas.config file. Or, set the Java system property in the ADS server’s start-up script: java.security.auth.login.config (NOTE: If you are using the system property setting, be aware server ADS bin folder scripts can be overwritten due to configuration changes and patches/hot fixes – the change applied to the java.security file is recommended).
4. Set the ADS configuration setting Server >> Configuration >> Security >> Authentication >> Kerberos >> Kerberos Configuration File to point to the krb5.conf file - <my_kerberos_config_folder>/krb5.conf
Feedback
Yes
No
Powered by
