Hi, I'm Ask INFA!
What would you like to know?
ASK INFAPreview
Please to access Ask INFA.
Success
Manage your Success Plans and Engagements, gain key insights into your implementation journey, and collaborate with your CSMs
Customer Experience Accelerators
Accelerate your Purchase to Value by engaging with Informatica for Customer Success
My Engagements
All your Engagements at one place
 Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
 Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Experience Lounge
Self-guided, intuitive experience platform for outcome-focused product capabilities and use cases
 Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
SupportFlash
Monthly support newsletter
Product Availability Matrix
Product Availability Matrix statements of Informatica products
Product Lifecycle
End of Life statements of Informatica products
Pulse
Monitor the status of your Informatica services across regions
Events
Change Request Tracking
Marketplace
Trust Platform
English
  • Data Integration Connectors
  • All Products

Table of Contents

Search

  1. Preface
  2. Introduction to Microsoft SQL Server Connector
  3. Connections for Microsoft SQL Server
  4. Synchronization tasks with Microsoft SQL Server Connector
  5. Mappings and mapping tasks with Microsoft SQL Server Connector
  6. Replication tasks with Microsoft SQL Server
  7. Troubleshooting
  8. Data type reference

Microsoft SQL Server Connector

Microsoft SQL Server Connector

Back Next

Configuring Kerberos authentication

Configuring Kerberos authentication

Before you use Kerberos authentication to connect to Microsoft SQL Server on Linux or Windows, the organization administrator needs to perform the prerequisite tasks.
  1. To configure the Java Authentication and Authorization Service configuration file (JAAS), perform the following tasks:
    1. Create a JAAS configuration file on the Secure Agent machine.
    2. Add the following entries to the JAAS configuration file:
      JDBC_DRIVER_01 {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
};
      Ensure that you specify each key-value pair on a separate line. You can update the values of the given configuration or add additional configuration details according to your requirements.
  2. To configure the
    krb5.conf
     file, perform the following tasks:
    1. Create a
      krb5.conf
       file on the Secure Agent machine.
    2. Add the details of the Key Distribution Center (KDC) and admin server to the
      krb5.conf
       file in the following format:
      [libdefaults]
default_realm = <Realm name>
forwardable = true
ticket_lifetime = 24h

[realms]
<REALM NAME> = {
kdc = <Location where KDC is installed> 
admin_server = <Location where KDC is installed>
}
[domain_realm]
<domain name or host name> = <Domain name or host name of Kerberos>
<domain name or host name> = <Domain name or host name of Kerberos>
      Ensure that you don’t set user-specific values in any key-value pair. You can update the values of the given configuration or add additional configuration details according to your requirements.
  3. To generate the credential cache file on the Secure Agent machine, perform the following tasks:
    1. On the Secure Agent machine, run the following command and specify the Microsoft SQL Server user name and realm name:
      kinit <user name>@<realm_name>
    2. When prompted, enter the password for the Kerberos principal user.
    3. Optionally, when you connect to a Microsoft SQL Server database on Linux, you can run the following command to generate the credential cache file with the specified file name and directory on the Secure Agent machine:
      kinit -c <Directory and file name where you want to create the credential cache> <user name>@<realm_name>
  4. Add the
    KRB5_CONFIG
    ,
    KRB5CCNAME
    , and
    JAASCONFIG
     properties in the
    Metadata Advanced Connection Properties
     field in the Microsoft SQL Server connection.
    For example, add the properties in the following format:
    KRB5_CONFIG=<Absolute path of the Kerberos configuration file>\krb5.conf;KRB5CCNAME=<Absolute path of the credential cache file>/<File name>;JAASCONFIG=<Absolute path of the JAAS config file>\<File name>.conf
    Ensure that you separate each key-value pair with a semicolon.
  5. Add the
    KRB5_CONFIG
     and
    KRB5CCNAME
     properties in the
    Runtime Advanced Connection Properties
     field in the Microsoft SQL Server connection.
    For example, add the properties in the following format:
    KRB5_CONFIG=<Absolute path of the Kerberos configuration file>\krb5.conf;KRB5CCNAME=<Absolute path of the credential cache file>/<File name>
    Ensure that you separate each key-value pair with a semicolon.
  6. Optionally, set the environment variables on the Secure Agent machine.
    If you set the environment variables, you can't use more than one Kerberos principal user in a connection.
    1. Set the following environment variables:
      • setenv KRB5CCNAME <Absolute path and file name of the credentials cache file>
      • setenv KRB5_CONFIG <Absolute path of the Kerberos configuration file>\krb5.conf
      • setenv JAASCONFIG <Absolute path of the JAAS config file>\<File name>.conf
    2. Restart the Secure Agent.
  7. Ensure that the user who runs the mapping has read access to the files related to Kerberos authentication on the Secure Agent.
0 COMMENTS
We’d like to hear from you!