Easily find issues by searching: #<Issue ID>
Example: #1832
Easily find members by searching in: <username>, <first name> and <last name>.
Example: Search smith, will return results smith and adamsmith
Aqua Data Studio / nhilam |
Follow
824
|
Configuring Kerberos for Aqua Data Studio requires passing JVM parameters for Kerberos configuration, configuring the jaas.conf file (Java Authentication and Authorization Service), and configuring the Kerberos Configuration file.
Step 1 : Pass JVM parameters for Kerberos configuration
Add the following JVM paramaters to your Aqua Data Studio datastudio.ini file for windows, to your Aqua Data Studio info.plist file in OS X, or to your Aqua Data Studio datastudio-bundled.sh file in linux.
Java Properties :
-Dsun.security.krb5.debug=[ true | false ] -Dsun.security.jgss.debug=[ true | false ] -Djava.security.krb5.realm=[ example : aqua-internal.com ] -Djava.security.krb5.kdc=[ example : kdc.aqua-internal.com ] -Djava.security.krb5.conf=[ example: /etc/krb5.conf | c:\windows\krb5.ini ] -Djava.security.auth.login.config=[ example : /etc/jaas.conf | c:\windows\jaas.conf ] -Djavax.security.auth.useSubjectCredsOnly=[ true | false ]
Example datastudio.ini :
vmarg.5 = -Dsun.security.krb5.debug=true vmarg.6 = -Dsun.security.jgss.debug=true vmarg.7 = -Djava.security.krb5.realm=aqua-internal.com vmarg.8 = -Djava.security.krb5.kdc=kdc.aqua-internal.com vmarg.9 = -Djava.security.krb5.conf=/etc/krb5.conf vmarg.10 = -Djava.security.auth.login.config=/etc/jaas.conf vmarg.11 = -Djavax.security.auth.useSubjectCredsOnly=false
Example datastudio-bundled.sh :
$ADS_HOME/jre/bin/java -Djsse.enableCBCProtection=false -Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true -Djava.security.krb5.realm=aqua-internal.com -Djava.security.krb5.kdc=kdc.aqua-internal.com -Djava.security.krb5.conf=c:\windows\krb5.ini -Djava.security.auth.login.config=c:\windows\jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false -Xmx756M -XX:MaxPermSize=192m -cp $CLASSES com.aquafold.datastudio.DataStudio
Example OS X /Aqua Data Studio.app/Contents/Info.plist :
<array> <string>-DappRoot=$APP_ROOT</string> <string>-Djsse.enableCBCProtection=false</string> <string>-Dapple.laf.useScreenMenuBar=true</string> <string>-Dsun.security.krb5.debug=true</string> <string>-Dsun.security.jgss.debug=true</string> <string>-Djava.security.krb5.realm=aqua-internal.com</string> <string>-Djava.security.krb5.kdc=kdc.aqua-internal.com</string> <string>-Djava.security.krb5.conf=/etc/krb5.conf</string> <string>-Djava.security.auth.login.config=/etc/jaas.conf</string> <string>-Djavax.security.auth.useSubjectCredsOnly=false</string> <string>-Xmx756m</string> <string>-XX:MaxPermSize=192m</string> </array>
Step 2 : Configure jaas.conf configuration file (Java Authentication and Authorization Service)
All that is required is a simple jaas.conf file with the contents :
EXAMPLE jaas.conf file
JaasClient { com.sun.security.auth.module.krb5LoginModule required debug=true useTicketCache = true; };
For more on configuring the jaas.conf file see:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html
Step 3 : Configure krb5.conf (or krb5.ini) file (Kerberos Configuration File)
If you do not have a Kerberos configuration file please reference example <ADS_HOM>\krb5.ini.example
For more on configuring the Kerberos Configuration file see:
http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
Step 4: Install JCE Unlimited Strength for Java
Step 5 : Insure that the following Apache Hive JDBC Drivers are installed
About AquaClusters Privacy Policy Support Version - 19.0.2-4 AquaFold, Inc Copyright © 2007-2017
When trying to connect to a kerborized hive envirnomnet i'm getting the following error:
Could not open client transport with JDBC Uri: jdbc:hive2://some.hostname.com:10000/default;principal=hive/username@MYREALM.LOCAL: GSS initiate failed
I've learned the 'servicename' in the connection string should be Hive, i saw this in some other applications documentation.
Do i need MIT Kerberos client installed in windows? This document makes no mention of that.
Any idea what my issue may be with my error above? Thanks in advance,
When trying to connect to a kerborized hive envirnomnet i'm getting the following error:
Could not open client transport with JDBC Uri: jdbc:hive2://some.hostname.com:10000/default;principal=hive/username@MYREALM.LOCAL: GSS initiate failed
I've learned the 'servicename' in the connection string should be Hive, i saw this in some other applications documentation.
Do i need MIT Kerberos client installed in windows? This document makes no mention of that.
Any idea what my issue may be with my error above? Thanks in advance,
Turn a round:
The connection of Subversion in version 15.x turned out harder than expected.
The help and documentation on your pages is insufficient and partly false.
https://www.aquaclusters.com/app/home/project/public/aquadatastudio/wikibook/Documentation15/page/Kerberos-Configuration/Kerberos-Configuration
At Step1:
Here the missing details of
vmarg. <x> =
For Step2:
To use their entries in the file, so you will be asked each time you connect to the SVN server for the password.
Furthermore, the notice that before a directory is checked out of the subdirectory jre\bin\ from the ADS installation run the program kinit and password must be entered once missing.
------------------
As a local Admin following things are done.
1. Add the following lines to the datastudio.ini
vmarg.5 = -Dsun.security.krb5.debug = true
vmarg.6 = -Dsun.security.jgss.debug = true
vmarg.7 = -Djava.security.krb5.realm = [example: aqua-internal.com]
vmarg.8 = -Djava.security.krb5.kdc = [example: kdc.aqua-internal.com]
vmarg.9 = -Djava.security.auth.login.config = [example: /etc/jaas.conf | c: \ windows \ jaas.conf]
vmarg.10 = -Djavax.security.auth.useSubjectCredsOnly = false
(On the krb5.ini we have omitted.)
The file is jaas.conf must be:
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug = true useTicketCache = true;
};
Turn a round:
The connection of Subversion in version 15.x turned out harder than expected.
The help and documentation on your pages is insufficient and partly false.
https://www.aquaclusters.com/app/home/project/public/aquadatastudio/wikibook/Documentation15/page/Kerberos-Configuration/Kerberos-Configuration
At Step1:
Here the missing details of
vmarg. <x> =
For Step2:
To use their entries in the file, so you will be asked each time you connect to the SVN server for the password.
Furthermore, the notice that before a directory is checked out of the subdirectory jre\bin\ from the ADS installation run the program kinit and password must be entered once missing.
------------------
As a local Admin following things are done.
1. Add the following lines to the datastudio.ini
vmarg.5 = -Dsun.security.krb5.debug = true
vmarg.6 = -Dsun.security.jgss.debug = true
vmarg.7 = -Djava.security.krb5.realm = [example: aqua-internal.com]
vmarg.8 = -Djava.security.krb5.kdc = [example: kdc.aqua-internal.com]
vmarg.9 = -Djava.security.auth.login.config = [example: /etc/jaas.conf | c: \ windows \ jaas.conf]
vmarg.10 = -Djavax.security.auth.useSubjectCredsOnly = false
(On the krb5.ini we have omitted.)
The file is jaas.conf must be:
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug = true useTicketCache = true;
};