We know Tableau Desktop works with MIT Kerberos on Windows to connect to Cloudera Hive/Impala. But there is some confusing information in Tableau support sites whether Tableau SERVER can work with MIT Kerberos in an Windows environment. There is a note that Kerberos delegation requires Active Directory and MIT Kerberos is not supported. But let us try to connect with a Hive datasource using a Hive service account with proper Sentry permission in Hive/Impala to connect from Tableau Server running on Windows.
- Tableau Server V2019.x on Windows
- Cloudera CDH 5.16 Hive/Impala on Centos using MIT Kerberos on Linux
- MIT Kerberos client on Windows for Tableau desktop and server
The overall connection flow will be:
Windows Tableau Server data source -> use Windows MIT Kerberos ticket -> Cloudera Hive/Impala
- First create a testuser@SOMEKRBREALM principal userid in the MIT KDC in Cloudera Hadoop cluster. Create a keytab for the user and make sure you can kinit with the keytab.
- Give appropriate permissions in Sentry to the testuser to access Hive/Impala tables.
2. Next install MIT Client on the Windows Tableau Server box and make sure we can connect using the testuser@SOMEKRBREALM to MIT KDC running in the Cloudera Hadoop cluster. You may need to open ports 88/udp/tcp, 10000/tcp, 21050/tcp to the Hadoop cluster.
3. To be continued…