Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

MSSQL JDBC Driver - Linux Kerberos Authentication

Highlighted

MSSQL JDBC Driver - Linux Kerberos Authentication

New Contributor

I am trying to connect to a MSSQL 2012 server in NiFi using Kerberos. I am using the following driver: mssql-jdbc-7.0.0.jre10.jar. I am running RHEL 7.5 and the machine is connected to a windows domain.

I have added the following to bootstrap.conf:

java.arg.17=-Djava.security.auth.login.config=/opt/nifi/conf/sqljdbcdriver.conf

/opt/nifi/conf/sqljdbcdriver.conf contains the following:

SQLJDBCDriver {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/opt/keytab/********"
storeKey=true
doNotPrompt=true
useTicketCache=false
debug=true
principal="MSSQLSvc/********";
};

My connection string looks like this:

jdbc:sqlserver://HOSTNAME;instanceName=NAME;catalog=CAT;authenticationScheme=JavaKerberos;integratedSecurity=true

I have also KINIT the keytab into cache on the system (not sure if required).

The error message I get is:

14:51:03 GMTERROR3be833a8-655b-1ba9-ab73-75b65a40264f SERVERNAME:9443QueryDatabaseTable[id=3be833a8-655b-1ba9-ab73-75b65a402641] Failed to process session due to org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Kerberos Login failed: Integrated authentication failed. ClientConnectionId:4176f72c-78e6-4da9-bd3b-2b414a78dc71 due to javax.security.auth.login.LoginException (Cannot get any of properties: [user, USER] from con properties not available to garner authentication information from the user)): org.apache.nifi.processor.exception.ProcessException: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Kerberos Login failed: Integrated authentication failed. ClientConnectionId:4176f72c-78e6-4da9-bd3b-2b414a78dc71 due to javax.security.auth.login.LoginException (Cannot get any of properties: [user, USER] from con properties not available to garner authentication information from the user))

Please can someone point me in the right direction.


Thank you