Setting Up Kerberos Authentication in the Data Catalog

The Data Catalog provides support to authenticate its clients using the Kerberos authentication protocol.

If you are not going to use the Data Catalog, go to the next postinstallation action.

Once you set up the Virtual DataPort server to use Kerberos, it is important to distinguish between these two scenarios:

  1. The Data Catalog and the Virtual DataPort Server are in the Same Machine
  2. The Data Catalog and the Virtual DataPort Server are in Different Machines

The Data Catalog and the Virtual DataPort Server are in the Same Machine

If the Data Catalog runs on the same host as the Virtual DataPort server, it has to use the same keytab file and the same Service Principal Name as the Virtual DataPort server. That way, you do not have to do anything extra and the Server will be easier to manage.

The Data Catalog and the Virtual DataPort Server are in Different Machines

In this scenario, you will have to perform the same postinstallation tasks you did to enable Kerberos on Virtual DataPort:

  1. In the Active Directory, create a user of type “User”.
  2. Declare a Service Principal Name (SPN) and associate it with this new user.
  3. Generate a keytab file for this SPN.
  4. Copy the keytab file to the host where the Data Catalog runs.

After performing these steps, you have to configure the Data Catalog to use Kerberos authentication. The section Kerberos Configuration of the Data Catalog Guide explains how to do this.
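
The four Active Directory steps above, carried out from an elevated PowerShell session on a domain-joined machine with the AD tools installed. This is an added example, not commands from the Denodo documentation. The realm, host name, account names, paths, share name and the HTTP service class are all placeholders (assumptions); use the SPN that the Data Catalog Guide specifies.

```powershell
# Added example. Every value in this block is a placeholder (assumption).
$Realm       = 'EXAMPLE.COM'                     # Kerberos realm (AD domain, upper case)
$CatalogFqdn = 'catalog.example.com'             # host where the Data Catalog runs
$Account     = 'svc-datacatalog'                 # new AD account of type "User"
$Spn         = "HTTP/$CatalogFqdn"               # service class HTTP is assumed
$Keytab      = 'C:\keytabs\datacatalog.keytab'   # local output path for the keytab
$RunAs       = 'EXAMPLE\svc-catalog-run'         # account the Data Catalog process runs as

# 1. Create the user. Limiting the account to AES256 means service tickets
#    for its SPN are encrypted with AES256 rather than RC4.
Import-Module ActiveDirectory
$Password = Read-Host -AsSecureString "Initial password for $Account"
New-ADUser -Name $Account -SamAccountName $Account `
    -UserPrincipalName "$Account@$($Realm.ToLower())" `
    -AccountPassword $Password -Enabled $true `
    -KerberosEncryptionType AES256

# 2. Declare the SPN on the new user. -S checks for duplicates first and
#    refuses to register an SPN that another account already holds.
setspn -S $Spn $Account
setspn -L $Account        # list the account's SPNs to confirm the registration

# 3. Generate the keytab. "-pass *" prompts for the password instead of
#    leaving it in the command history; ktpass sets it on the account.
#    -crypto must match the encryption type allowed in step 1.
#    A later password change on the account invalidates this keytab.
ktpass -out $Keytab -princ "$Spn@$Realm" -mapuser "$Account@$Realm" `
    -pass * -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL

# 4. Copy the keytab to the Data Catalog host (the share name is a
#    placeholder) and check that the copy is byte-identical.
$Dest = "\\$CatalogFqdn\keytabs\datacatalog.keytab"
Copy-Item -Path $Keytab -Destination $Dest
if ((Get-FileHash $Keytab).Hash -ne (Get-FileHash $Dest).Hash) {
    throw "Keytab copy does not match the original"
}

# The keytab holds the service's long-term key, so treat it like a password:
# drop inherited permissions, grant read access only to the run-as account,
# and delete the local copy once the transfer is verified.
icacls $Dest /inheritance:r /grant:r "${RunAs}:(R)"
Remove-Item -Path $Keytab
```

If the Data Catalog host runs Linux, transfer the file over an encrypted channel instead and make it readable only by the user that runs the Data Catalog.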