Using Kerberos
To configure Kerberos authentication:
- To access authentication options, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, and then click Configure.
- From the Mechanism drop-down list, select Kerberos.
- Choose one:
- To use the default realm defined in your Kerberos setup, leave the Realm field empty.
- Or, if your Kerberos setup does not define a default realm or if the realm of your
- In the Host FQDN field, type the fully qualified domain name of the
- In the Service Name field, type the service name of the Impala server.
- Optionally, if you are using MIT Kerberos and a Kerberos realm is specified in the Realm field, then choose one:
- To have the Kerberos layer canonicalize the server's service principal name, leave the Canonicalize Principal FQDN check box selected.
- Or, to prevent the Kerberos layer from canonicalizing the server's service principal name, clear the Canonicalize Principal FQDN check box.
- To allow the connector to pass your credentials directly to the server for use in authentication, select Delegate Kerberos Credentials.
- If the Impala server is configured to use SSL, then click SSL Options to configure SSL for the connection. For more information, see Configuring SSL Verification.
- Optionally, in the Transport Buffer Size field, type the number of bytes to reserve in memory for buffering unencrypted data from the network.
- To save your settings and close the dialog box, click OK.
Note:
To use the Impala server host name as the fully qualified domain name for Kerberos authentication, in the Host FQDN field, type _HOST.
Note:
In most circumstances, the default value of 1000 bytes is optimal.
- Configuring Kerberos Authentication for Windows
- Configuring Authentication
- Authentication Options
- Using No Authentication
- Using Advanced Kerberos
- Using SASL User Name
- Using User Name And Password
- Creating a Data Source Name
- Authentication Driver Configuration Options on page 1