Kerberos Authentication in Data Connection

  • Last update: March 27, 2025
  • Overview

    Introduction to Authentication Methods

    Kerberos authentication is a common authentication method in the Hadoop ecosystem.

    You can configure Kerberos authentication in two ways.

    • You can set Authentication Method to Kerberos on the data connection configuration page (mainly used for authenticated connections that use the Hive and HBase drivers).

    • You can configure JVM parameters and then configure authentication on the data connection configuration page (mainly used to solve connection errors that occur after you enter the correct information and succeed in authentication on the data connection configuration page, such as an error in connecting to Impala in Cloudera Distributed for Hadoop (CDH)).

    Supported Database

    When using Kerberos authentication, you need to switch the database drivers to dedicated drivers and modify the URL formats. The following databases support Kerberos authentication.


    Database

    Apache Impala

    Hadoop Hive

    Transwarp Inceptor

    DM

    Kafka (supported in FineDataLink of 4.1.13.2 and later versions)

    Note: You cannot use the same keytab file to authenticate multiple connections simultaneously. For example, if both Data Connection A and Data Connection B require Kerberos authentication, only one of them can be successfully established at the same time.

    Preparation Before Data Connection

    Download the configuration file krb5.conf, the keytab file Keytab file name.keytab, and the principal from the environment.

    Keytab file name.keytab is the key table file. You need to get its path on the application server that provides the Kerberos service.

    Procedure

    This document takes the data connection to Hadoop Hive as an example.

    Configuring the hosts File

    Open the hosts file on the local server, for example, the hosts file in C:\Windows\System32\drivers\etc. Add the remote mapping relationship in the format of IP address Machine name, as shown in the following figure.

    Note: For projects deployed via FineOps, if you need to use Kerberos authentication, you must modify the hosts file of both the container and the host machine to include the domain names of the database and the Kerberos key distribution center.


    1.png
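
    A pre-flight check for the hosts-file step above, as an added example that is not part of the original page or the product's own code: it lists the KDC host names found in krb5.conf, plus any database hosts you pass in, that have no mapping in the hosts file. The sample krb5.conf and hosts contents, the example.com names, and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the original page).
SAMPLE_KRB5 = """\
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com:88
        kdc = kdc2.example.com
        admin_server = kdc1.example.com
    }
"""

SAMPLE_HOSTS = """\
# IP address    Machine name
127.0.0.1       localhost
192.0.2.10      kdc1.example.com kdc1
192.0.2.20      hive01.example.com   # database host
"""

def kdc_hosts(krb5_text):
    """Return kdc/admin_server host names from krb5.conf text, ports stripped."""
    hosts = []
    for m in re.finditer(r"^\s*(?:kdc|admin_server)\s*=\s*(\S+)", krb5_text, re.M):
        host = m.group(1).rsplit(":", 1)[0].lower()
        if host not in hosts:
            hosts.append(host)
    return hosts

def hosts_names(hosts_text):
    """Return every machine name mapped in hosts-file text (comments ignored)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(n.lower() for n in fields[1:])  # fields[0] is the IP address
    return names

def missing_mappings(krb5_text, hosts_text, extra_hosts=()):
    """Host names needed for Kerberos that have no hosts-file entry."""
    mapped = hosts_names(hosts_text)
    required = kdc_hosts(krb5_text) + [h.lower() for h in extra_hosts]
    return [h for h in required if h not in mapped]

if __name__ == "__main__":
    print(missing_mappings(SAMPLE_KRB5, SAMPLE_HOSTS, ["hive01.example.com"]))
```

    For a FineOps deployment, run the same check against the hosts file of both the container and the host machine.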

    Configuring the Data Connection

    Find the corresponding driver based on Kerberos Driver Management, modify the URL format accordingly, and set Authentication Method to Kerberos. If you do not find a corresponding driver in Collections of Kerberos Drivers, you can use the driver provided by the data source.

    2.png

    Upload the keytab file and the krb5.conf file, as shown in the following figure.

    3.png

    Click Test Connection. If the connection is successful, click Save to save the data connection, as shown in the following figure.
