Kerberos connection using principal name, password, and realm but how to mask password

Daniel Parsons 20 Reputation points
2023-08-04T08:58:17.01+00:00

Hi - I am establishing a connection from Denodo to a SQL Server database using a JDBC URL. To use Kerberos for a Windows-specific login I have to use the following:

jdbc:sqlserver://ServerName:1433;databaseName=Database;integratedSecurity=true;authenticationScheme=JavaKerberos;userName=Username;password=Password
However this reveals the password to anyone with access to the job. Can the password be encrypted or masked somehow?


Accepted answer
  1. Amira Bedhiafi 31,391 Reputation points
    2023-08-05T13:56:37.25+00:00

    For a secure Kerberos connection, avoid putting your password in the JDBC URL. Instead, use a Kerberos ticket for authentication. First, configure the Kerberos client on your machine to communicate with the Kerberos Key Distribution Center (KDC). Obtain a Kerberos ticket using the kinit command, which does not store the password. Then, configure Denodo to use the Kerberos ticket by removing userName and password parameters from the JDBC URL and setting integratedSecurity=true. Use a login.conf file for Java Kerberos client configuration and specify its path using the java.security.auth.login.config Java system property in Denodo's JVM Options. Now, you can securely establish a Kerberos-authenticated connection without exposing your password. For further details, check specific documentation for Denodo, SQL Server, and your Kerberos setup.

    1 person found this answer helpful.
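The steps from the accepted answer as a shell sketch, added here as an example and not part of the original thread or of Denodo's documentation. The function names, the `REALM` placeholder and the file path are hypothetical; `SQLJDBCDriver` is the JAAS entry name the Microsoft JDBC driver looks up by default.

```shell
#!/bin/sh
# Added example: move a SQL Server JDBC URL from an inline password
# to the Kerberos ticket cache. Names and paths are illustrative.

# Succeeds when the URL carries a password property (case-insensitive).
jdbc_has_inline_secret() {
    printf '%s' "$1" | grep -Eiq ';password=[^;]'
}

# Print the URL without user/userName/password properties.
# Runs in a subshell so the IFS and globbing changes do not leak.
# Limitation: values escaped with {...} that contain ';' are not handled.
jdbc_strip_credentials() (
    IFS=';'
    set -f
    out=
    for part in $1; do
        key=$(printf '%s' "${part%%=*}" | tr '[:upper:]' '[:lower:]')
        case $key in
            user|username|password) continue ;;
        esac
        out="${out:+$out;}$part"
    done
    printf '%s\n' "$out"
)

# Write a JAAS login.conf that reuses the ticket obtained with kinit
# and never prompts for, or stores, a password.
write_jaas_conf() {
    cat > "$1" <<'EOF'
SQLJDBCDriver {
    com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=true
        doNotPrompt=true;
};
EOF
    chmod 600 "$1"
}

# Constructed sample: the URL from the question, placeholder values only.
SAMPLE_URL='jdbc:sqlserver://ServerName:1433;databaseName=Database;integratedSecurity=true;authenticationScheme=JavaKerberos;userName=Username;password=Password'

if jdbc_has_inline_secret "$SAMPLE_URL"; then
    echo "Inline password found. Password-free URL:"
    jdbc_strip_credentials "$SAMPLE_URL"
fi

# Manual steps on the host (not run here):
#   kinit Username@REALM            # prompts for the password, caches a ticket
#   write_jaas_conf /path/to/login.conf
#   JVM option: -Djava.security.auth.login.config=/path/to/login.conf
```

The ticket cache must be readable by the account that runs the Denodo JVM, and the ticket has to be renewed before it expires.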
