Netezza Performance Server

 View Only
  • 1.  Kerberos with JDBC

    Posted Wed October 07, 2020 07:41 PM
    Anybody had luck with setting up JDBC with Kerberos (not LDAP) on 256-bit encryption? We can get it up and running with ODBC without any issues (more or less: sometimes VDI's get API in registry and then we can get mixed case issues (but can be overcomed then by multiple kerberos tickets)).

    ODBC is giving a bit of overhead and most of the tools are now using JDBC by default so... 

    Working with IBM support on getting this sorted out - but maybe anyone have it done already?

    Adam Matusewicz


  • 2.  RE: Kerberos with JDBC

    Posted Wed June 16, 2021 04:54 AM

    Nevermind on this: Sorted it out. Apparently Netezza KB contain no accurate info for Windows AD servers. Seems like all tested only on Linux to Linux and with use of local shell. Missing subjects:

    - stronger encryption
    - disabling principal logons (in case somebody steal / intercept NPS keytab)
    - logging/debugging of above
    - communication security (SSL/debugging) with Kerberos

    Also seems for me that better now for NPS / JDBC is DBeaver. Aginity although natively support JDBC (and is now only option) , is enforcing password (one thing) and more important is that can't (or don't know how) to modify JVM startup to support custom config file. 

    As of now also MSLSA is a bit of struggle (though that not strictly related to Netezza - is for JDBC) - but there are workarounds.... can tell more about this stuff. 

    Adam Matusewicz