Support Questions
Find answers, ask questions, and share your expertise

What is recommended strategy/best practice to enable consumption tools (like Tableau) to connect to Kerberos enabled cluster?

New Contributor

We have a HW 2.6 On premise cluster which is currently integrated with AD. Now we are looking to enrich the security, by enabling AD Kerberos and enable Knox. Once we make this change, it will also mean that all consumption tools (like Tableau), we need to make some change for it to connect to Kerberos enabled cluster.

Keeping above in mind, seeking suggestion/best practice from below perspective:

1. Can we connect directly to Hive through Kerberos authentication using HW ODBC Driver in Tableau ? If yes, then any limitation or considerations to be aware of? Also any experience of implementing same with MicroStrategy? (We do not need SSO, just want to enable Kerberos as authetication type)

2. Is it preferred to have KNOX act as gateway to all JDBC/ODBC connections? If yes, any specific benefits of using Knox over direct connectivity using ODBC to Hive?

Any suggestion/inputs are welcome on the above 2 questions.


New Contributor

HW Gurus... any recommendation/experience on this aspect

Rising Star

Our organization has taken the approach of using Knox for all of that as it doesn't require your BI Tools be in the same domain. Some tools we use support Kerberos but there are a number of caveats that can make it frustrating like ticket renewals and distributing keytabs and Knox didn't require any of that. One note for Knox if you're running really large SQL Statements you'll have to increase the HTTP Request Size.

New Contributor

Thanks Shawn for your response, it helps to validate my thoughts as well. I completely agree...

; ;