How do I manage authentication for Kerberos using JDBC?
New data integration content available
You're currently viewing a data integration topic that has been replaced and will eventually be removed from our documentation.
For the latest data integration content, see: Data Integration.
Kerberos authentication provides a secure mechanism for verifying the identity of the user and the server and allows only authorized access to the data in the database. Using Kerberos authentication with JDBC provides an added layer of security to ensure the authentication process is safe, secure, and robust. It is highly recommended to use these technologies in conjunction with each other when accessing sensitive data stored in a database.
Sometimes Kerberos requires Keytab to do authentication. A keytab is a file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password). Using Kerberos without entering a password, you can use a keytab file to authenticate to various remote systems. keytab — For more information, visit MIT Kerberos Documentation.
You can configure the keytab location by using the JAAS file. JAAS Login Configuration File (oracle.com) (when referring to the keytab file in jaas, we still need to use "/" even for Windows)
To use the JAAS file, you must pass an additional parameter when we start the extractor server:
-Djava.security.auth.login.config=</some-path-to/jaas.conf>. (put this before -jar **)
Another important thing is the krb5.conf file, which contains Kerberos configuration information. We can pass an additional JVM parameter -Djava.security.krb5.conf=</some-path-to/krb5.conf>. (put this before -jar **). For more information, visit krb5.conf — MIT Kerberos Documentation.