Connecting to a Kerberos-Enabled Cluster

You can configure the ActiveMatrix BusinessWorks Plug-in for Big Data to connect to Kerberos-enabled Hadoop, HDFS, or Oozie servers by using any of the three Kerberos methods: Keytab, Cached, or Password.

Prerequisites

You must have the following files available when configuring your plug-in:
  • A keytab file that is used to identify the principal
  • On Macintosh and Linux: krb5.conf file. This file contains the information about your KDC server configuration such as realm, and the connection properties.
  • On Windows: krb5.ini file

Generate the above files on your KDC server and keep them handy. Refer to the documentation from your vendor for details on how to generate the files.

Copying the keytab and krb5 Files to Your System

You must copy the krb5 files obtained from the KDC server to the following folder on the machine where the Big Data plug-in is installed:
  • On Macintosh and Linux: /etc
  • On Windows: C:\Windows

Select one of the following Kerberos methods in TIBCO Business Studio to connect to a Kerberos-enabled Hadoop server:

Using the Keytab Method

Follow these steps to use the Keytab method:
  1. In Project Explorer, fully expand the application module, and double-click the HCatalog Connection shared resource under the Resources folder to open the HcatalogConnection Editor in the right pane.
  2. Select the Enable Kerberos check box.
  3. Select Keytab from the Kerberos Method drop-down menu.
  4. Enter the Kerberos Principal in its text box.
  5. Enter the path to the Keytab file on your system or navigate to it by using the button.
  6. Test the connection using the Test Connection button.
Note: Repeat the same steps for the HDFS Connection or Oozie Connection shared resource.

Using the Cached Method

Note: Make sure that you have the keytab file handy before following this procedure. You must cache the keytab file in your environment on the machine where the Big Data plug-in is installed.

Follow these steps to use the Cached method:

  1. Open a command prompt and run the following command:kinit -kt <keytab-filename> <principal-name>

    This utility caches the keytab file in your environment.

  2. After the command completes, run klist to make sure that the keytab file has been properly cached. When successful, the klist command outputs the details of the principal associated with the keytab file.
  3. In Project Explorer, fully expand the application module, and double-click the HCatalog Connection shared resource under the Resources folder to open the HcatalogConnection Editor in the right pane.
  4. Select the Enable Kerberos check box.
  5. Select Cached from the Kerberos Method drop-down menu.
  6. Enter the Kerberos Principal in its text box.
  7. Test the connection using the Test Connection button.
Note: Repeat the same steps for the HDFS Connection or Oozie Connection shared resource.

Using the Password Method

The Password method does not require the keytab file. Follow these steps to use the Password method:

  1. In Project Explorer, fully expand the application module, and double-click the HCatalog Connection shared resource under the Resources folder to open the HcatalogConnection Editor in the right pane.
  2. Select the Enable Kerberos check box.
  3. Select Password from the Kerberos Method drop-down menu.
  4. Enter the Kerberos Principal in its text box.
  5. Enter the password for the Kerberos principal in the Kerberos Password text box.
  6. Test the connection using the Test Connection button.
Note: Repeat the same steps for the HDFS Connection or Oozie Connection shared resource.