Table of Contents

Search

  1. Preface
  2. Introduction to Dynamic Data Masking Administration
  3. Authentication
  4. Security
  5. Connection Management
  6. JDBC Client Configuration
  7. ODBC Client Configuration
  8. Configuration for MicroStrategy
  9. Access Control
  10. Logs
  11. High Availability
  12. Server Control
  13. Performance Tuning
  14. Troubleshooting
  15. Appendix A: Database Keywords

Administrator Guide

Administrator Guide

Kerberos Authentication for Hive or Impala Databases

Kerberos Authentication for Hive or Impala Databases

You can enable Kerberos authentication for Hive, Hive (HTTP), and Impala databases. Copy the
krb5.conf
file and the keytab file for the Dynamic Data Masking service principal to the Dynamic Data Masking Server machine. Then configure the
ddm.security
file.
For more information on Kerberos authentication for Hive and Impala, see the H2L "
Enabling Kerberos for Hive and Impala Databases in Dynamic Data Masking
."
  1. Stop the Dynamic Data Masking Server.
  2. Copy the
    krb5.conf
    file and the keytab file for the Dynamic Data Masking service principal to the Dynamic Data Masking Server machine.
  3. If you have not already created an XML
    ddm.security
    configuration file, create the file in the following location:
    <DDM>/cfg/ddm.security
  4. Configure the
    ddm.security
    file as shown in the example below:
    <XML> <kdc>/etc/krb5.conf</kdc> <jaasConfig type="ArrayList"> <entry type="JaasDescriptor"> <fqcn>com.activebase.security.jaas.JaasProcessorImpl</fqcn> <configuration> <jaasEntries type="HashMap"> <entry> <key>default</key> <value type="ArrayList"> <entry type="HashMap"> <entry> <key>moduleClass</key> <value>com.sun.security.auth.module.Krb5LoginModule</value> </entry> <entry> <key>moduleFlag</key> <value>required</value> </entry> <entry> <key>options</key> <value type="HashMap"> <entry> <key>principal</key> <value>ddmserver/ddmhost@realm.com</value> </entry> <entry> <key>keyTab</key> <value>cfg/ddmService.keytab</value> </entry> </value> </entry> </entry> </value> </entry> </jaasEntries> </configuration> </entry> </jaasConfig> </XML>
  5. Configure the following values in the
    ddm.security
    file:
    • For the value of the principal key, specify the Dynamic Data Masking service principle name (SPN).
    • For the value of the keyTab key, specify the keytab file name with path.
If SSL authentication is enabled on the Hive or Impala server, follow the steps in Keystore Configuration and Truststore Configuration to enable SSL for Hive or Impala services.

0 COMMENTS

We’d like to hear from you!