skip to main content
About the Driver : Using the Driver : Using Authentication : Configuring Kerberos Authentication : Configuring the Driver
 
Configuring the Driver
During installation, the following files required for Kerberos authentication are installed in the /lib subdirectory of your product installation directory:
*krb5.conf is a Kerberos configuration file containing values for the Kerberos realm and the KDC name for that realm. A generic file is installed that you must modify for your environment.
*JDBCDriverLogin.conf file is a configuration file that specifies which Java Authentication and Authorization Service (JAAS) login module to use for Kerberos authentication. This file is configured to load automatically unless the java.security.auth.login.config system property is set to load another configuration file. You can modify this file, but the driver must be able to find the JDBC_DRIVER_01 entry in this file or another specified login configuration file to configure the JAAS login module. Refer to your Java SE documentation for information about setting configuration options in this file.
To configure the driver:
1. Set the AuthenticationMethod property to kerberos.
2. Set the ServicePrincipalName property to the case-sensitive service principal name to be used for Kerberos authentication. The service principal name is the name of a server configured in your Apache Spark SQL interfaces file.
The value of the ServicePrincipalName property can include the Kerberos realm name, but it is optional. If you do not specify the realm name, the default realm is used. For example, if the service principal name, including Kerberos realm name, is server/Apache Spark125ase1@XYZ.COM and the default realm is XYZ.COM, valid values for this property are:
server/Apache Spark125ase1@XYZ.COM
and
server/Apache Spark125ase1
3. Modify the krb5.conf file to contain your Kerberos realm name and the KDC name for that Kerberos realm by editing the file with a text editor or by specifying the system properties, java.security.krb5.realm and java.security.krb5.kdc.
Note: If using Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.
For example, if your Kerberos realm name is XYZ.COM and your KDC name is kdc1, your krb5.conf file would look like this:
[libdefaults]
   default_realm = XYZ.COM

[realms]
   XYZ.COM = {
   kdc = kdc1
   }
If the krb5.conf file does not contain a valid Kerberos realm and KDC name, the following exception is thrown:
Message:[DataDirect][SparkSQL JDBC Driver]Could not establish a connection using integrated security: No valid credentials provided
The krb5.conf file is configured to load automatically unless the java.security.krb5.conf system property is set to point to another Kerberos configuration file.
4. If using Kerberos authentication with a Security Manager on a Java Platform, you must grant security permissions to the application and driver. See Permissions for Kerberos Authentication for an example.