Easily find issues by searching: #<Issue ID>
Example: #1832
Easily find members by searching in: <username>, <first name> and <last name>.
Example: Search smith, will return results smith and adamsmith
Aqua Data Studio / nhilam |
Follow
827
|
Configuring Kerberos for Aqua Data Studio requires passing JVM parameters for Kerberos configuration, configuring the jaas.conf file (Java Authentication and Authorization Service), and configuring the Kerberos Configuration file.
Ensure that the correct Apache Hive JDBC Drivers are installed for your distribution before proceeding.
Step 1 : Pass JVM parameters for Kerberos configuration
Add the following JVM paramaters to your Aqua Data Studio datastudio.ini file for windows, to your Aqua Data Studio info.plist file in OS X, or to your Aqua Data Studio datastudio-bundled.sh file in linux.
Java Properties :
-Dsun.security.krb5.debug=[ true | false ] -Dsun.security.jgss.debug=[ true | false ] -Djava.security.krb5.realm=[ example : aqua-internal.com ] -Djava.security.krb5.kdc=[ example : kdc.aqua-internal.com ] -Djava.security.krb5.conf=[ example: /etc/krb5.conf | c:\windows\krb5.ini ] -Djava.security.auth.login.config=[ example : /etc/jaas.conf | c:\windows\jaas.conf ] -Djavax.security.auth.useSubjectCredsOnly=[ true | false ]
Example Windows datastudio.ini:
vmarg.5 = -Dsun.security.krb5.debug=true vmarg.6 = -Dsun.security.jgss.debug=true vmarg.7 = -Djava.security.krb5.realm=aqua-internal.com vmarg.8 = -Djava.security.krb5.kdc=kdc.aqua-internal.com vmarg.9 = -Djava.security.krb5.conf=c:\windows\krb5.ini vmarg.10 = -Djava.security.auth.login.config=c:\windows\jaas.conf vmarg.11 = -Djavax.security.auth.useSubjectCredsOnly=false
Example Linux datastudio-bundled.sh:
$ADS_HOME/jre/bin/java -Djsse.enableCBCProtection=false -Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true -Djava.security.krb5.realm=aqua-internal.com -Djava.security.krb5.kdc=kdc.aqua-internal.com -Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/etc/jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false -Xmx756M -XX:MaxPermSize=192m -cp $CLASSES com.aquafold.datastudio.DataStudio
Example OS X /Aqua Data Studio.app/Contents/Info.plist :
<array> <string>-DappRoot=$APP_ROOT</string> <string>-Djsse.enableCBCProtection=false</string> <string>-Dapple.laf.useScreenMenuBar=true</string> <string>-Dsun.security.krb5.debug=true</string> <string>-Dsun.security.jgss.debug=true</string> <string>-Djava.security.krb5.realm=aqua-internal.com</string> <string>-Djava.security.krb5.kdc=kdc.aqua-internal.com</string> <string>-Djava.security.krb5.conf=/etc/krb5.conf</string> <string>-Djava.security.auth.login.config=/etc/jaas.conf</string> <string>-Djavax.security.auth.useSubjectCredsOnly=false</string> <string>-Xmx756m</string> <string>-XX:MaxPermSize=192m</string> </array>
Step 2 : Configure jaas.conf configuration file (Java Authentication and Authorization Service)
Create a file called jaas.conf file with the contents specified below depending on your distribution. This file should be located in the same directory that is specified for the java property -Djava.security.auth.login.config
EXAMPLE jaas.conf file (except Cloudera)
JaasClient { com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache = true; };
For more on configuring the jaas.conf file see:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html
EXAMPLE jaas.conf file used for Cloudera
Client { com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache = true; };
For more information on configuring the jaas.conf file see section "Setting Up the JAAS Login Configuration File" in below PDF file:
Step 3 : Configure krb5.conf (or krb5.ini) file (Kerberos Configuration File)
If you do not have a Kerberos configuration file, copy the ADS reference example from <ADS_HOME>\krb5.ini.example to the folder that you specified for the java property -Djava.security.krb5.conf
For more on configuring the Kerberos Configuration file see: http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
Step 4: Install JCE Unlimited Strength for Java
Step 1: Ensure you have the correct Apache Hive JDBC Drivers for your distribution.
Step 2: Add java params
Step 3: Create jaas.conf file
Step 4: Create krb5.ini file
Step 5: Replace jre security files with jce unlimited
About AquaClusters Privacy Policy Support Version - 19.0.2-4 AquaFold, Inc Copyright © 2007-2017