You can translate the question and the replies:

Kerberos authentication and service accounts

We have denodo 6.0 installed in our company and configured to work with Kerberos. We have fond that it works well for all regular users and delegates credentials to databases just fine. Now, we have some services working under service accounts. For all intent and purposes in our company we create a service account just like any other user account except for the name which is normally the name of the service we want to run. We also set up the login ID with a "svc" suffix like myservice.svc. When we try to have this accounts (or services) login to denodo it errors out. For Oracle we get: Unexpected error creating a connection: java.sql.SQLException: Kerberos target service principal is not specified or Kerberos constrined delegation property name not set For hive we get this: Unexpected error creating a connection: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) Received exception with message 'GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)' So, it looks like it is not registering these accounts somewhere. Is there any setting I can check to make sure it loads these accounts? Has anyone had this same expirience? Thanks!
user
23-08-2018 11:04:40 -0400
code

1 Answer

Hi, Based upon the [Kerberos configuration and troubleshooting guide](https://community.denodo.com/kb/view/document/Kerberos%20configuration%20and%20troubleshooting?category=Security), I would look to see if the principal is set looking like a http URL. For example: >HTTP://host1.subnet1.contoso.com@CONTOSO.COM but remember that the prefix is “HTTP/” without the colon and the extra slash: >HTTP/host1.subnet1.contoso.com@CONTOSO.COM If that does not work, and if you have a valid support account, I would open a support ticket so the support team can go more in depth with the configuration. Hope this helps!
Denodo Team
24-08-2018 11:50:39 -0400
code
You must sign in to add an answer. If you do not have an account, you can register here