Using Kerberos Authentication in Solution Manager Without Joining a Kerberos Realm

The Solution Manager server and the License Manager server can use the authentication method provided by a Kerberos realm (e.g. a Windows Active Directory domain), even if the host where the Solution Manager server and the License Manager server run does not join this realm. To be able to do this, you have to add some properties to the Solution Manager configuration scripts. Follow these steps:

  1. Open the Denodo Control Center.

  2. Click Configure.

  3. Click JVM Options.

  4. In the Solution Manager Server box and the License Manager Server box, add the following (do not remove the existing content of this field):

    -Djava.security.krb5.realm=<domain realm> -Djava.security.krb5.kdc=<Key distribution center 1>[:<key distribution center>]+
    

    For example,

    -Djava.security.krb5.realm=CONTOSO.COM -Djava.security.krb5.kdc=dc-01.contoso.com
    

    If there is more than one key distribution center (kdc) in your domain, add it to the property java.security.krb5.kdc separated by a colon. For example:

    -Djava.security.krb5.realm=CONTOSO.COM -Djava.security.krb5.kdc=dc-01.contoso.com:dc-02.contoso.com
    
  5. To apply these changes, stop all the Solution Manager servers and once they are all stopped, start them again.


If the Solution Manager server and the License Manager server are running on a “headless” host (i.e. a host without graphical support), you cannot launch the Control Center. Instead, to set the Kerberos system properties do the following:

  1. For the Solution Manager server, edit the file <SOLUTION_MANAGER_HOME>/conf/solution-manager/SMConfigurationParameters.properties
  2. For the License Manager server, edit the file <SOLUTION_MANAGER_HOME>/conf/license-manager/LMConfigurationParameters.properties
  3. Add to the java.env.DENODO_OPTS_START property of each file, the properties java.security.krb5.realm and java.security.krb5.kdc with the values explained above.
  4. Execute <SOLUTION_MANAGER_HOME>/bin/regenerateFiles.sh
  5. To apply these changes, stop all the Solution Manager servers and once they are all stopped, start them again.

After performing these steps, please check Authenticating with Kerberos of the Administration Guide in order to use Kerberos authentication.