Kerberos authentication on Cloud for Data Virtualization
Last updated: Mar 17, 2025
To connect to Apache Hive, Apache Impala, and Apache Spark SQL with Kerberos authentication, you must provide the Kerberos configuration file to Data Virtualization before
you create the connection.
Kerberos is a passwordless computer network security authentication protocol that MIT created to
solve network security problems. It is widely used for single-sign-on (SSO) by many organizations
today, securely transmitting user identity data to applications with two primary functions:
authentication and security.
Data Virtualization on-premises supports Kerberos authentication for Apache Hive, Apache Impala, and Apache Spark SQL. It requires the user to upload a
keytab file, or an encrypted file that the data source generates, which is used for
Kerberos authentication.
Note: Kerberos authentication is not available in the Data Virtualization web
client due to a file upload restriction.
Procedure
For each of your Apache Hive, Apache Impala, and Apache Spark SQL data sources, open a new text file and
then complete the following steps to create a configuration file.
Copy and paste the following information into your new text file, then modify the variables, as
signified by the triangle brackets (< >).
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
default_realm = <DEFAULT_DOMAIN_REALM>
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
<KERBEROS_REALM> = {
kdc = <KDC_SERVER>
admin_server = <ADMIN_SERVER>
}
[domain_realm]
<SUBDOMAIN_REALM> = <DOMAIN_REALM>
<DOMAIN_TO_REALM> = <SUBDOMAIN_TO_REALM>
Consider the following text as an example.
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
Save the configuration file.
For Apache Hive, save the file as hive_krb5.conf.
For Apache Impala, save the file as Impala_krb5.conf.
For Apache Spark SQL, save the file as spark_krb5.conf.
Open the datavirtualization.env file in your remote agent.
vi /root/dv_endpoint/datavirtualization.env
Verify that the datavirtualization.env file contains the following information.
JAVA_HOME: This is the path where Java is installed on your machine.
DATAVIRTUALIZATION_INSTALL: This is the file path for datavirtualization.env.
KRB5_CONFIG: This is the file path of your newly created krb5.conf configuration file.
The following is an example of the text that your file might contain.
JAVA_HOME="/root/jdk-21.0.3+9"
DATAVIRTUALIZATION_INSTALL="/root/dv_endpoint"
KRB5_CONFIG=/etc/hive_krb5.conf
Replace the parameters in this stored procedure and then run it in Run
SQL. In addition, replace <Data_source> with
Hive, Impala or SparkSQL.
Check whether the stored procedure was successful by selecting the
Results tab, and then checking the Output value
column.
A successful output has an integer of 1.
An unsuccessful output has an integer of 0. Verify the previous
configuration steps again.
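The configuration steps above can be checked with a script before the stored procedure is run, which helps when the output value is 0. The following shell script is an added example, not IBM's code: the function names check_krb5_conf, check_dv_env and write_sample are hypothetical, and the sample files are constructed from the example values on this page.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# check_krb5_conf FILE: 0 if the file is complete, 1 otherwise.
check_krb5_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    # Every template variable such as <KDC_SERVER> must have been replaced.
    if grep -v '^[[:space:]]*#' "$conf" | grep -q '<[A-Z_][A-Z_]*>'; then
        echo "$conf: unreplaced <VARIABLE> found" >&2; return 1
    fi
    # default_realm must match a [realms] block that names a kdc.
    awk '
        /^[[:space:]]*#/ { next }
        /^\[/ { section = $1; next }
        section == "[libdefaults]" && $1 == "default_realm" { want = $3 }
        section == "[realms]" && $3 == "{" { realm = $1 }
        section == "[realms]" && $1 == "kdc" && $3 != "" { kdc[realm] = 1 }
        END { exit !(want != "" && (want in kdc)) }
    ' "$conf" || { echo "$conf: default_realm has no kdc in [realms]" >&2; return 1; }
}

# check_dv_env ENVFILE: 0 if all three keys exist and KRB5_CONFIG passes.
check_dv_env() {
    env_file=$1
    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 1; }
    for key in JAVA_HOME DATAVIRTUALIZATION_INSTALL KRB5_CONFIG; do
        grep -q "^$key=" "$env_file" || { echo "$env_file: $key missing" >&2; return 1; }
    done
    # Extract the path without sourcing the file, so nothing in it executes.
    krb5=$(sed -n 's/^KRB5_CONFIG=//p' "$env_file" | tail -n 1 | tr -d '"')
    check_krb5_conf "$krb5"
}

# write_sample DIR: constructed sample files modelled on the page's example.
write_sample() {
    printf '%s\n' '[libdefaults]' 'default_realm = EXAMPLE.COM' '[realms]' \
        'EXAMPLE.COM = {' 'kdc = kerberos.example.com' '}' > "$1/hive_krb5.conf"
    printf '%s\n' 'JAVA_HOME="/root/jdk-21.0.3+9"' \
        'DATAVIRTUALIZATION_INSTALL="/root/dv_endpoint"' \
        "KRB5_CONFIG=$1/hive_krb5.conf" > "$1/datavirtualization.env"
}

tmp=$(mktemp -d) && write_sample "$tmp"
check_dv_env "$tmp/datavirtualization.env" && echo "configuration looks complete"
rm -rf "$tmp"
```

On the remote agent, call check_dv_env with /root/dv_endpoint/datavirtualization.env instead of the constructed sample.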