Managing KDC definitions
If your datasource requires authentication using Kerberos, you can specify the information needed for Guardium to obtain a Kerberos ticket before making the connection.
About this task
You can assign a KDC to a specific datasource or managed unit group, to provide Guardium authentication for Mongo and Hive databases. The appliance gets a ticket via the JDBC connection, so the users do not need to get tickets themselves. Note that this is independent from what the appliance itself is set up to use.
You can define up to 5 Kerberos Key Distribution Centers (KDC) on a Central Manager, and one on a standalone Guardium. To add a Key Distribution Center to Guardium you specify:
- realm: domain name in uppercase letters
- KDC: hostname of the Kerberos server
- encryption type for Kerberos tickets, one of:
  - des-cbc-md5
  - des-cbc-crc
  - rc4-hmac
  - des3-cbc-sha1
  - aes128-cts-hmac-sha1-96
  - aes256-cts-hmac-sha1-96
Procedure
- Click
- Click to create a new configuration.
- Specify Name, KDC, and Realm.
- Specify Encryption Type. The default is aes256-cts-hmac-sha1-96.
- Click Save.
What to do next
After you have created a Kerberos KDC, you can select it when configuring your datasource setup.
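The following pre-check for planned KDC definitions is an added example, not part of Guardium or its documentation. It applies the rules stated above (uppercase realm, KDC hostname, listed encryption types, the limit of 5 definitions on a Central Manager and one on a standalone system) and flags the encryption types that RFC 6649 and RFC 8429 deprecate for Kerberos. The function names, dictionary keys, system labels, and sample definitions are assumptions made for illustration.

```python
import re

# Encryption types the page lists as selectable.
SUPPORTED = ["des-cbc-md5", "des-cbc-crc", "rc4-hmac", "des3-cbc-sha1",
             "aes128-cts-hmac-sha1-96", "aes256-cts-hmac-sha1-96"]
# Deprecated for Kerberos: DES by RFC 6649, RC4 and 3DES by RFC 8429.
DEPRECATED = {"des-cbc-md5": "RFC 6649", "des-cbc-crc": "RFC 6649",
              "rc4-hmac": "RFC 8429", "des3-cbc-sha1": "RFC 8429"}
# Limits stated on the page; the key names are hypothetical labels.
MAX_KDCS = {"central_manager": 5, "standalone": 1}
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^(?=.{{1,253}}$)({LABEL}\.)*{LABEL}$")


def check_kdc(defn):
    """Return (errors, warnings) for one planned KDC definition (a dict)."""
    errors, warnings = [], []
    realm = defn.get("realm", "")
    if not realm or realm != realm.upper():
        errors.append("realm must be the domain name in uppercase letters")
    if not HOSTNAME.match(defn.get("kdc", "")):
        errors.append("kdc must be the hostname of the Kerberos server")
    # The page gives aes256-cts-hmac-sha1-96 as the default.
    enctype = defn.get("enctype", "aes256-cts-hmac-sha1-96")
    if enctype not in SUPPORTED:
        errors.append(f"unsupported encryption type: {enctype}")
    elif enctype in DEPRECATED:
        warnings.append(f"{enctype} is deprecated ({DEPRECATED[enctype]}); prefer AES")
    return errors, warnings


def check_plan(defs, system="central_manager"):
    """Check each definition and whether the plan exceeds the system limit."""
    report = {d.get("name", f"#{i}"): check_kdc(d) for i, d in enumerate(defs)}
    return report, len(defs) > MAX_KDCS[system]


# Constructed sample definitions (not taken from any real deployment).
PLAN = [
    {"name": "corp-aes", "realm": "EXAMPLE.COM", "kdc": "kdc1.example.com"},
    {"name": "legacy-hive", "realm": "example.com", "kdc": "kdc2.example.com",
     "enctype": "rc4-hmac"},
]

if __name__ == "__main__":
    report, over_limit = check_plan(PLAN)
    for name, (errors, warnings) in report.items():
        print(name, "errors:", errors, "warnings:", warnings)
    print("over limit:", over_limit)
```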