0

I'm currently running Windows Server 2012. We have SQL Server connected to Hadoop, Via an ODBC connector.

The connection to Hadoop uses Windows Authentication, via an MIT Kerberos ticket generator program. The tickets only last for 24 hours, so it's not sustainable for me to manually renew the kerberos ticket every 24 hours.

I'm want to bypass this, and use a Keytab file process - I've successfully created a Keytab file via KTPass:

Key created. 
Output keytab to c:\temp\krb5.keytab
Keytab version: 0x510

Now that I've created the file, What exactly do I do from here, so that I don't have to constantly review the kerberos ticket?

Depth of Field
  • 307
  • 2
  • 16
  • 1
    On Linux you would use a scheduled job with `kinit -R` to renew the ticket every few hours and `kinit -kt ` to recreate the ticket every day or so. On Windows... well, since you installed the MIT Kerberos contraption, you can do the same. – Samson Scharfrichter Dec 15 '20 at 21:27
  • 1
    Also, with Java code, you could handle the Kerberos ticket safely inside process memory, instead of relying of the shared cache used by all processes running under the same service account. But with Skull Server you are limited to Macrosoft proprietary implementation of Kerberos, which does not play well with "standard" Kerberos. Duh. – Samson Scharfrichter Dec 15 '20 at 21:31

0 Answers0