Kerberos Authentication

Virtual DataPort can authenticate its clients using the Kerberos authentication protocol, which is the default authentication method used in Microsoft Windows networks (i.e. networks using Microsoft Active Directory). The benefits of enabling Kerberos are:

  • Single sign-on: the clients of Virtual DataPort do not have to provide their user credentials. For example, users who launch the Administration Tool do not have to enter their credentials, and neither do JDBC clients.
  • The authentication of users is delegated to Active Directory. This simplifies the management of users and their privileges, compared to having to create all the users in Virtual DataPort and manage their passwords.

If you are interested in delegating the authentication of users to Active Directory, but not in single sign-on, create databases with LDAP authentication, which are easier to set up than Kerberos. To enable Kerberos, you have to create a new user in Active Directory, create a Service Principal Name, create a keytab file, etc., whereas creating a database with LDAP authentication does not require any configuration change.

The section Creating a Database with LDAP Authentication explains how to create databases with LDAP authentication.

When you enable Kerberos in Virtual DataPort, the following users are still able to connect using the regular authentication method:

  • Users created locally in Virtual DataPort.
  • Users that connect to a database with LDAP authentication using their credentials in the LDAP directory.

Before configuring Kerberos, you have to perform the post-installation tasks described in the section Setting-up Kerberos Authentication of the Installation Guide. Then, do the following from the Administration Tool:

  1. Create the roles for the users: see section Creating the Roles of the Virtual DataPort Users.
  2. Create an LDAP data source: see section Creating an LDAP Data Source.
  3. Set up the Kerberos authentication: see section Setting-Up the Kerberos Authentication in the Virtual DataPort Server.
  4. Configure the Administration Tool to use Kerberos authentication: see section Configuring the Administration Tool to Use Kerberos Authentication.