Tableau Server connect to Cloudera Hive with MIT Kerberos

We know Tableau Desktop works with MIT Kerberos on Windows to connect to Cloudera Hive/Impala. But there is some confusing information in Tableau support sites whether Tableau SERVER can work with MIT Kerberos in an Windows environment. There is a note that Kerberos delegation requires Active Directory and MIT Kerberos is not supported. But let us try to connect with a Hive datasource using a Hive service account with proper Sentry permission in Hive/Impala to connect from Tableau Server running on Windows.

Environment:

  • Tableau Server V2019.x on Windows
  • Cloudera CDH 5.16 Hive/Impala on Centos using MIT Kerberos on Linux
  • MIT Kerberos client on Windows for Tableau desktop and server

Procedure:

The overall connection flow will be:

Windows Tableau Server data source -> use Windows MIT Kerberos ticket -> Cloudera Hive/Impala

  1. First create a testuser@SOMEKRBREALM principal userid in the MIT KDC in Cloudera Hadoop cluster. Create a keytab for the user and make sure you can kinit with the keytab.
  2. Give appropriate permissions in Sentry to the testuser to access Hive/Impala tables.

2. Next install MIT Client on the Windows Tableau Server box and make sure we can connect using the testuser@SOMEKRBREALM to MIT KDC running in the Cloudera Hadoop cluster. You may need to open ports 88/udp/tcp, 10000/tcp, 21050/tcp to the Hadoop cluster.

3. To be continued…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.