Saviynt Forums

jralexander137 · ‎04/18/2024

Hi I am trying to set up kerberos/windows authentication for a DB connection to a MySql server. I am reading through the documentation and there are a handful of operations and files that look to have to be done on the saviynt server. Is that correct? Or are we supposed to be able to modify these files through the admin gui in someway? I am not seeing how to perform the various operations outlined here: https://docs.saviyntcloud.com/bundle/Database-v23x/page/Content/Appendix.htm

Is a support ticket needed for some of these? Not seeing it stated as such in the docs.

Saathvik · ‎04/18/2024

@jralexander137 : I haven't personally done this kind of integration but looking at the document and files they are touching, I believe you may need to work with support to get it done. Especially startup.sh script is not something available in GUI

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

jralexander137 · ‎04/18/2024

Yeah thats what I am thinking. Seems super odd to have to do all that for a DB connection. Hopefully someone from Saviynt proper can comment and confirm.

rushikeshvartak · ‎04/18/2024

All configuration files can be uploaded from UI under file directory no dependency of saviynt server

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

jralexander137 · ‎04/18/2024

Thats not what the documentation implies at all though? For instance, how am I supposed to do these modifications:

Add the following properties to the Catalina startup.sh file:

export JAVA_OPTS="$JAVA_OPTS -
java.security.krb5.conf=/datadrive/sharedappdrive/saviynt/Kerbros/krb5.conf -
java.security.auth.login.config=/datadrive/sharedappdrive/saviynt/Kerbros/SQLJDBCDriver.conf"

And another example:

Place the keytab file on the server running EIC and mention the path in the SQLJDBCDriver.conf file. For example, if the keytab file is placed in $SAVIYNT_HOME\SQLServerAuth, then mention $SAVIYNT_HOME\SQLServerAuth\krb5.keytab in the SQLJDBCDriver.conf file.

rushikeshvartak · ‎04/18/2024

That’s automatically taken care in code

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

jralexander137 · ‎04/18/2024

Gotcha, thanks for the clarification. Is there a better doc to reference than the one I linked in my post that outlines the updated steps? Its confusing as to what needs to be done when the doc is saying to modify some files and put them in specific places but some, or all? of that is being obsfucated? Curious as to how this is all supposed to work if we have multiple DB connections? Do we need to name files a certain way to associate them to a given connection?

rushikeshvartak · ‎04/18/2024

Currently you can have only single domain account for all Kerberos based account and use same file name. I have added feedback to document to get updated

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

Database kerberos/windows authentication