-
15. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 3:33 PM (in response to rareddy)page no 313 .. using this I have setup my configuration.
May be this will give you a deeper and clear view.
-
16. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 14, 2016 3:52 PM (in response to debashishsaha004)Teiid Designer tool does not support the automatic kerberos login, so you would have to setup the ticket as described in your link with tableu link and create the keytab file, which is used in the server configuration, have you done that?
-
17. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 3:57 PM (in response to rareddy) -
18. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 14, 2016 4:16 PM (in response to debashishsaha004)Looking back at your configuration you need to use "host" as security domain on your data source, not MYCOMPANY.COM.
-
19. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 4:29 PM (in response to rareddy)<security-domain name="abc" cache-type="default">
<authentication>
<login-module code="Kerberos" flag="required">
<module-option name="storeKey" value="true"/>
<module-option name="useKeyTab" value="true"/>
<module-option name="principal" value="host/a3000053@MYCOMPANY.COM"/>
<module-option name="keyTab" value="...path to /a3000053.keytab"/>
<module-option name="doNotPrompt" value="true"/>
<module-option name="debug" value="false"/>
</login-module>
</authentication>
</security-domain>
Only this security module ???
-
20. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 4:35 PM (in response to rareddy)Here is the server log
-
Server Log.txt.zip 1.3 KB
-
-
21. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 4:40 PM (in response to rareddy) -
22. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 14, 2016 4:40 PM (in response to debashishsaha004)Use "abc" as security domain in your data source configuration. If you want attach standalone-teiid.xml file for me take look at.
-
23. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 4:42 PM (in response to rareddy)yes .. here I am writing abc .but actually in standalone.xml I have host as name for the security domain.
So I used host
-
24. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 14, 2016 4:46 PM (in response to debashishsaha004)Set "debug" module option to true and post the debug log.
-
25. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 4:48 PM (in response to rareddy) -
26. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 4:51 PM (in response to rareddy)same log .. actually I modified debug =true as hawkins adviced me before.but result is exactly like the attached with my previous reply
-
27. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 14, 2016 5:01 PM (in response to debashishsaha004)That does not sound right, typically there is lot more verbose log. Do you have properties like
<system-properties>
<property name="java.security.krb5.conf" value="/etc/krb5.conf"/>
<property name="java.security.krb5.debug" value="true"/>
<property name="javax.security.auth.useSubjectCredsOnly" value="false"/>
</system-properties>
in your standalone-teiid.xml file right after <extensions> element? krb5.conf point to your KDC settings.
-
28. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 5:05 PM (in response to rareddy) -
29. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 14, 2016 5:11 PM (in response to debashishsaha004)See Kerberos support through GSSAPI · Teiid Documentation "Required System Properties on Server" section. Also an example krb5.conf file at How to implement Kerberos authentication with Teiid over JDBC