Accessing Impala under a Kerberos Environment using DBeaver

Database Technologies
1

Accessing Impala under a Kerberos Environment using DBeaver

Overview

In this article, we will discuss how to use DBeaver to access Impala under a Kerberos environment. This guide assumes that you have already installed DBeaver and have a basic understanding of Kerberos.

Test Environment

Our test environment consists of:

  • RedHat 7.2
  • CM and CDH version 5.15.0
  • Window Server 2012 R2
  • DBeaver version 5.2.5

Installing Kerberos Client

To access Impala under a Kerberos environment, we need to install a Kerberos client. You can download the Kerberos client from the official website: MIT Kerberos Distribution Page

Configuring Kerberos Client

After installing the Kerberos client, we need to configure the /etc/krb5.conf file on the Window client-side. The file should contain the following configuration:

[Libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = true
default_realm = FAYSON.COM

[Realms]
FAYSON.COM = {
  kdc = adserver.fayson.com
  admin_server = adserver.fayson.com
}

[Domain_realm]
.fayson.com = FAYSON.COM
fayson.com = FAYSON.COM

Configuring Environment Variables

We need to configure the environment variables KRB5_CONFIG and KRB5CCNAME to point to the Kerberos configuration file and the Kerberos credential cache file, respectively. The variables should be set as follows:

  • Variable name: KRB5_CONFIG, variable value: C:\ProgramData\MIT\Kerberos5\krb5.ini
  • Variable name: KRB5CCNAME, variable value: C:\temp\krb5cache

Configuring DBeaver

DBeaver accesses Impala through JDBC, which is a Java-based environment. Therefore, we need to add Kerberos configuration-related parameters to the dbeaver.ini file. The configuration should be added at the end of the file:

-Djavax.security.auth.useSubjectCredsOnly = false
-Djava.security.krb5.conf = "C:\ProgramData\MIT\Kerberos5\krb5.ini"
-Dsun.security.krb5.debug = true

Getting Impala JDBC Driver

We need to download the Impala JDBC driver package from the Cloudera website: Download Impala JDBC Connector 2.6.4 | Cloudera

Creating a Connection to Impala

To create a connection to Impala, we need to:

  1. Click “Create a connection” and select “Cloudera Impala”
  2. Click “Next” to configure JDBC connection information
  3. Edit the driver settings and modify the template for the following URL address:
jdbc:impala://{host}:{port}/{database};AuthMech=1;KrbRealm=FAYSON.COM;KrbHostFQDN={host};KrbServiceName=impala;KrbAuthType=2
  1. Add the Impala JDBC driver package
  2. After setting the driver, database default selection input
  3. Click “Test link”

Conclusion

In this article, we discussed how to use DBeaver to access Impala under a Kerberos environment. We covered the test environment, installing Kerberos client, configuring Kerberos client, configuring environment variables, configuring DBeaver, getting Impala JDBC driver, and creating a connection to Impala. By following these steps, you should be able to access Impala under a Kerberos environment using DBeaver.