Kerberos authentication versus secure impersonation

Kerberos authentication occurs when Pentaho users connect to a cluster with a default Kerberos principal. All the Pentaho users connect to the cluster with the same Kerberos principal.

In secure impersonation, users connect to the cluster as a proxy user. The Pentaho user ID matches the cluster user ID in a one-on-one mapping. Resources are accessed and processes are executed as the cluster user.

Secure impersonation occurs if the following criteria are met:

Pre-defined credentials can authenticate to a Kerberos server before connecting to the cluster.
The Pentaho Server is configured for secure impersonation.
The cluster is secured.

For information on enabling secure impersonation and Kerberos authenticaion, see the following topics:

Prerequisites
Supported components
How to enable secure impersonation
How to enable Kerberos authentication

PreviousBig data security NextPrerequisites

Last updated 13 days ago

Was this helpful?