Easily find issues by searching: #<Issue ID>
Example: #1832
Easily find members by searching in: <username>, <first name> and <last name>.
Example: Search smith, will return results smith and adamsmith
Configuring Kerberos for Aqua Data Studio requires passing JVM parameters for Kerberos configuration, configuring the jaas.conf file (Java Authentication and Authorization Service), and configuring the Kerberos Configuration file.
Ensure that the correct Apache Hive JDBC Drivers are installed for your distribution.
Step 1 : Pass JVM parameters for Kerberos configuration
Add the following JVM paramaters to your Aqua Data Studio datastudio.ini file for windows, to your Aqua Data Studio info.plist file in OS X, or to your Aqua Data Studio datastudio-bundled.sh file in linux.
Java Properties :
-Dsun.security.krb5.debug=[ true | false ] -Dsun.security.jgss.debug=[ true | false ] -Djava.security.krb5.realm=[ example : aqua-internal.com ] -Djava.security.krb5.kdc=[ example : kdc.aqua-internal.com ] -Djava.security.krb5.conf=[ example: /etc/krb5.conf | c:\windows\krb5.ini ] -Djava.security.auth.login.config=[ example : /etc/jaas.conf | c:\windows\jaas.conf ] -Djavax.security.auth.useSubjectCredsOnly=[ true | false ]
Example Windows datastudio.ini:
vmarg.5 = -Dsun.security.krb5.debug=true vmarg.6 = -Dsun.security.jgss.debug=true vmarg.7 = -Djava.security.krb5.realm=aqua-internal.com vmarg.8 = -Djava.security.krb5.kdc=kdc.aqua-internal.com vmarg.9 = -Djava.security.krb5.conf=c:\windows\krb5.ini vmarg.10 = -Djava.security.auth.login.config=c:\windows\jaas.conf vmarg.11 = -Djavax.security.auth.useSubjectCredsOnly=false
Example Linux datastudio-bundled.sh:
$ADS_HOME/jre/bin/java -Djsse.enableCBCProtection=false -Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true -Djava.security.krb5.realm=aqua-internal.com -Djava.security.krb5.kdc=kdc.aqua-internal.com -Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/etc/jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false -Xmx756M -XX:MaxPermSize=192m -cp $CLASSES com.aquafold.datastudio.DataStudio
Example OS X /Aqua Data Studio.app/Contents/Info.plist :
<array> <string>-DappRoot=$APP_ROOT</string> <string>-Djsse.enableCBCProtection=false</string> <string>-Dapple.laf.useScreenMenuBar=true</string> <string>-Dsun.security.krb5.debug=true</string> <string>-Dsun.security.jgss.debug=true</string> <string>-Djava.security.krb5.realm=aqua-internal.com</string> <string>-Djava.security.krb5.kdc=kdc.aqua-internal.com</string> <string>-Djava.security.krb5.conf=/etc/krb5.conf</string> <string>-Djava.security.auth.login.config=/etc/jaas.conf</string> <string>-Djavax.security.auth.useSubjectCredsOnly=false</string> <string>-Xmx756m</string> <string>-XX:MaxPermSize=192m</string> </array>
Step 2 : Configure jaas.conf configuration file (Java Authentication and Authorization Service)
All that is required is a simple jaas.conf file with the contents :
EXAMPLE jaas.conf file (except Cloudera)
JaasClient {
com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache = true;
};
For more on configuring the jaas.conf file see:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html
EXAMPLE Cloudera jaas.conf file
Client {
com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache = true;
};
For more on configuring the jaas.conf file see section "Setting Up the JAAS Login Configuration File" in below PDF file:
Step 3 : Configure krb5.conf (or krb5.ini) file (Kerberos Configuration File)
If you do not have a Kerberos configuration file please reference example <ADS_HOME>\krb5.ini.example
For more on configuring the Kerberos Configuration file see:
http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
Step 4: Install JCE Unlimited Strength for Java
Step 1: add java params
Step 2: Create jaas.conf file
Step 3: Create krb5.ini file
Step 4: Replace jre security files with jce unlimited
Step 5: Get jdbc drivers for the version of database you are connecting to
Step 6: Request your kerberos ticket
Step 7: Run datastudio and create a connection and test it