Enable Kerberos Authentication for Apache Phoenix Connectors
This applies to: Visual Data Discovery
Support for Kerberos authentication for Symphony Apache Phoenix connectors is only provided for Phoenix 4.7 (and later) connectors. It is not provided for any version of the Phoenix QueryServer connector.
Enable Kerberos authentication for Apache Phoenix connectors:
Download
hbase-site.xml
andcore-site.xml
files from the Apache HDFS and HBase microservices. For example, for Hortonworks you can use the instructions at the following link: https://docs.cloudera.com/HDPDocuments/Ambari-2.6.2.2/bk_ambari-operations/content/downloading_client_configs.html.-
Add the following configuration options to the
hbase-site.xml
file:<property> <name>hbase.myclient.principal</name> <value>YOUR_PRINCIPAL</value> </property> <property> <name>hbase.myclient.keytab</name> <value>PATH_TO_YOUR_KEYTAB</value> </property>Substitute the ID of your Kerberos principal for
YOUR_PRINCIPAL
and the path to your Kerberos keytab file forPATH_TO_YOUR_KEYTAB
. -
Verify that the
core-site.xml
file contains the following entry:<property> <name>hadoop.security.authentication</name> <value>kerberos</value> </property> Make sure that the Apache Phoenix connector has access to the
hbase-site.xml
andcore-site.xml
files as well as the Kerberos keytab file you identified inPATH_TO_YOUR_KEYTAB
. We recommend that you place these files in the/etc/zoomdata/edc-phoenix
directory.-
Add the following property to the
/etc/zoomdata/edc-phoenix-4.7.properties
file to direct the Apache Phoenix connector to the files you createddatasource.config.files-path=/etc/zoomdata/edc-phoenix
Note: Symphony does not recommend that you provide the Kerberos principal ID and keytab file path using a JDBC URL. The Apache Phoenix driver has a bug that will not refresh a ticket after expiration.
Comments
0 comments
Please sign in to leave a comment.