Installing and configuring Kerberos client on Windows (Studio) - 8.0

How to use Kerberos in Talend Studio with Big Data
Version
8.0
Language
English
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Open Studio for Big Data
Talend Real-Time Big Data Platform
Module
Talend Studio
Content
Data Governance > Third-party systems > Authentication components > Kerberos components
Data Quality and Preparation > Third-party systems > Authentication components > Kerberos components
Design and Development > Designing Jobs > Hadoop distributions
Design and Development > Third-party systems > Authentication components > Kerberos components
Last publication date
2024-02-06
This procedure shows how to install and configure the Kerberos client on Windows.

Procedure

  1. Download Kerberos for Windows release 4.1 and install it from this MIT distribution site.
    Note: In the installation wizard, select the Complete option to install all of the program features. Do not select the Typical or the Custom option, in which only a part of the program features are installed.
  2. All versions of Java from 1.8.0_161 enable the unlimited strength policy files by default, see https://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html for more information. If you are using the previous versions of Java, update the security policies of the JRE to be used using the patch from Oracle's Java download site.

    This update is necessary due to import control restrictions of the U.S. For further information, please consult the README.txt file in the downloaded file.

    To make this update, you can simply make a copy of the original JCE policy files (US_export_policy.jar and local_policy.jar in JAVA_HOME\lib\security) for backup and then replace the original JCE policy files with the corresponding policy files contained in the downloaded jce_policy-6.0.zip file.

    Note: Although both JRE and JDK should work well with Kerberos, some tests Talend went through showed that JDK worked smoothly in some situations in which JRE had issues.
  3. Configure Kerberos on a local machine by setting up the krb5.ini file.

    A sample file can be found in this MIT configuration doc.

    The file location can be specified by system property java.security.krb5.conf. If this property is not set, Java will try to locate this file in these locations (ordered by):

    1. %JAVA_HOME%/lib/security/krb5.conf

    2. %WINDOWS_ROOT%/krb5.ini

    Some machines are possibly not allowed to read file from %WINDOWS_ROOT% such as C:\Windows; so it is recommended to put this file in the hidden folder C:\ProgramData\MIT\Kerberos5, too.

    Alternatively, the system properties java.security.krb5.realm and java.security.krb5.kdc can be used.