Using Kerberos

If the Use Only SSPI advanced option is disabled, then Kerberos must be installed and configured before you can use this authentication mechanism. For information about configuring Kerberos on your machine, see Configuring Kerberos Authentication for Windows. For information about setting the Use Only SSPI advanced option, see Configuring Advanced Options.

Note:

This authentication mechanism is available only for Spark Thrift Server on non-HDInsight distributions.

To configure Kerberos authentication:

  1. Choose one:
    • To access authentication options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, and then click Configure.
    • Or, to access authentication options for a DSN-less connection, open the Simba Spark ODBC Driver Configuration tool.
  2. From the Mechanism drop-down list, select Kerberos.
  3. Choose one:
    • To use the default realm defined in your Kerberos setup, leave the Realm field empty.
    • Or, if your Kerberos setup does not define a default realm or if the realm of your Spark Thrift Server host is not the default, then, in the Realm field, type the Kerberos realm of the Spark Thrift Server.
  4. In the Host FQDN field, type the fully qualified domain name of the Spark Thrift Server host.

    5. Note:

    To use the Spark server host name as the fully qualified domain name for Kerberos authentication, in the Host FQDN field, type _HOST.

  5. In the Service Name field, type the service name of the Spark server.
  6. Optionally, if you are using MIT Kerberos and a Kerberos realm is specified in the Realm field, then choose one:
    • To have the Kerberos layer canonicalize the server's service principal name, leave the Canonicalize Principal FQDN check box selected.
    • Or, to prevent the Kerberos layer from canonicalizing the server's service principal name, clear the Canonicalize Principal FQDN check box.
  7. To allow the connector to pass your credentials directly to the server for use in authentication, select Delegate Kerberos Credentials.
  8. From the Thrift Transport drop-down list, select the transport protocol to use in the Thrift layer.
    9. Important:

    Important:

    When using this authentication mechanism, the Binary transport protocol is not supported.

  9. If the Spark server is configured to use SSL, then click SSL Options to configure SSL for the connection. For more information, see Configuring SSL Verification.
  10. To save your settings and close the dialog box, click OK.

Related topics