Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/18/2024 10:32 AM
Hi I am trying to set up kerberos/windows authentication for a DB connection to a MySql server. I am reading through the documentation and there are a handful of operations and files that look to have to be done on the saviynt server. Is that correct? Or are we supposed to be able to modify these files through the admin gui in someway? I am not seeing how to perform the various operations outlined here: https://docs.saviyntcloud.com/bundle/Database-v23x/page/Content/Appendix.htm
Is a support ticket needed for some of these? Not seeing it stated as such in the docs.
04/18/2024 11:50 AM
@jralexander137 : I haven't personally done this kind of integration but looking at the document and files they are touching, I believe you may need to work with support to get it done. Especially startup.sh script is not something available in GUI
04/18/2024 11:54 AM
Yeah thats what I am thinking. Seems super odd to have to do all that for a DB connection. Hopefully someone from Saviynt proper can comment and confirm.
04/18/2024 12:04 PM
All configuration files can be uploaded from UI under file directory no dependency of saviynt server
04/18/2024 01:04 PM
Thats not what the documentation implies at all though? For instance, how am I supposed to do these modifications:
Add the following properties to the Catalina startup.sh file:
export JAVA_OPTS="$JAVA_OPTS -
java.security.krb5.conf=/datadrive/sharedappdrive/saviynt/Kerbros/krb5.conf -
java.security.auth.login.config=/datadrive/sharedappdrive/saviynt/Kerbros/SQLJDBCDriver.conf"
And another example:
Place the keytab file on the server running EIC and mention the path in the SQLJDBCDriver.conf file. For example, if the keytab file is placed in $SAVIYNT_HOME\SQLServerAuth, then mention $SAVIYNT_HOME\SQLServerAuth\krb5.keytab in the SQLJDBCDriver.conf file.
04/18/2024 01:22 PM
That’s automatically taken care in code
04/18/2024 01:30 PM
Gotcha, thanks for the clarification. Is there a better doc to reference than the one I linked in my post that outlines the updated steps? Its confusing as to what needs to be done when the doc is saying to modify some files and put them in specific places but some, or all? of that is being obsfucated? Curious as to how this is all supposed to work if we have multiple DB connections? Do we need to name files a certain way to associate them to a given connection?
04/18/2024 03:26 PM
Currently you can have only single domain account for all Kerberos based account and use same file name. I have added feedback to document to get updated