Configure "Vertica SQL on Hadoop as a CIS Data Source & Kerberos Authentication"?
Article ID: KB0082866
Updated On:
| Products | Versions |
|---|---|
| TIBCO Data Virtualization | 7.0.x |
Description
How to configure "Vertica SQL on Hadoop as a CIS Data Source & Kerberos Authentication"?
Issue/Introduction
Configure "Vertica SQL on Hadoop as a CIS Data Source & Kerberos Authentication"
Resolution
By configuring a JAAS.config tagged with the default “verticajdbc” name, the Krb5LoginModule authentication will be invoked and the Vertica v 8.x JDBC driver will handle the Kerberos credentials of CIS “pass-through” users & the data source stored credentials – totally transparent to CIS. And the existing PAM support for Hive is compatible too.
Content of jaas.config file:
verticajdbc {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
useKeyTab=false
storeKey=true
isInitiator=true
renewTicket=true
doNotPrompt=false
debug=true;
};
NOTE: The debug=true is optional and sends useful debug output to stdout.
Please follow below mentioned steps:
1. Copy the jaas.config file to a well-known folder <my_kerberos_config_folder>.
2. Copy the krb5.conf file to a well-known folder <my_kerberos_config_folder>.
3. Add this config line: login.config.url.1=file: <my_kerberos_config_folder>/jaas.config in the Java config file: <JRE Home>/ lib/security/ java.security to source the jaas.config file. Or, set the Java system property in the CIS server’s start-up script: java.security.auth.login.config (NOTE: If you are using the system property setting, be aware server CIS bin folder scripts can be overwritten due to configuration changes and patches/hot fixes – the change applied to the java.security file is recommended).
4. Set the CIS configuration setting Server >> Configuration >> Security >> Authentication >> Kerberos >> Kerberos Configuration File to point to the krb5.conf file - <my_kerberos_config_folder>/krb5.conf
Content of jaas.config file:
verticajdbc {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
useKeyTab=false
storeKey=true
isInitiator=true
renewTicket=true
doNotPrompt=false
debug=true;
};
NOTE: The debug=true is optional and sends useful debug output to stdout.
Please follow below mentioned steps:
1. Copy the jaas.config file to a well-known folder <my_kerberos_config_folder>.
2. Copy the krb5.conf file to a well-known folder <my_kerberos_config_folder>.
3. Add this config line: login.config.url.1=file: <my_kerberos_config_folder>/jaas.config in the Java config file: <JRE Home>/ lib/security/ java.security to source the jaas.config file. Or, set the Java system property in the CIS server’s start-up script: java.security.auth.login.config (NOTE: If you are using the system property setting, be aware server CIS bin folder scripts can be overwritten due to configuration changes and patches/hot fixes – the change applied to the java.security file is recommended).
4. Set the CIS configuration setting Server >> Configuration >> Security >> Authentication >> Kerberos >> Kerberos Configuration File to point to the krb5.conf file - <my_kerberos_config_folder>/krb5.conf
Feedback
Yes
No
Powered by
