For all Kerberos authentication implementations (Windows, Linux, and MAC OS X), you must obtain a jaas.conf, krb5.conf, and a keytab file from your Hadoop system administrator.
You can create a Java Authentication and Authorization Service (JAAS) login configuration file (jaas.conf) by using the following sample for reference purposes:
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keytab="THE/PATH/TO/YOUR/KEYTAB"
useTicketCache=true
principal="USERNAME@HOST.DOMAIN.COM"
debug=true;
};Once your jaas.conf file is created, specify the following values in the iWayBigDataIntegrator.ini or eclipse.ini file:
## Java properties for Kerberized Hadoop
Djava.security.auth.login.config=/PATH/TO/YOUR/jaas.conf
Djavax.security.auth.useSubjectCredsOnly=false
Djava.security.krb5.realm=HOST.DOMAIN.COM
Djava.security.krb5.kdc=KDC.HOST.DOMAIN.COM
The iWayBigDataIntegrator.ini file is located in the root folder your iBDI installation.
For reference purposes, the following are sample JDBC URLs for Kerberos:
jdbc:hive2://localhost:10000/default;principal=hive/_HOST@HOST.DOMAIN.COM
jdbc:hive2://localhost:10000;principal=hive/_HOST@HOST.DOMAIN.COM;AuthMech=1; KrbRealm=HOST.DOMAIN.COM;KrbHostFQDN=HOST.DOMAIN.COM;KrbServiceName=hive
jdbc:hive2://localhost:10000/default;principal=hive/_HOST@HOST.DOMAIN.COM;AuthMech=1; KrbRealm=HOST.DOMAIN.COM;KrbHostFQDN=HOST.DOMAIN.COM;KrbServiceName=hive