domino logo
4.6
  • Tech Ecosystem
  • Get Started
  • Domino Cloud
  • Code Assist
  • Collaborate
  • Projects
  • Work with Data
  • Workspaces
  • Environments
  • Executions
  • Deploy Models and Apps
  • Model Monitoring
  • Organizations
  • Security and Credentials
  • Notifications
  • Search Your Domino Deployment
  • Domino CLI
  • Troubleshooting
  • Get Help
domino logo
About Domino
Domino Data LabKnowledge BaseData Science BlogTraining
User Guide
>
Workspaces
>
Clusters
>
Spark on Domino
>
Hadoop and Spark
>
Kerberos Authentication

Kerberos Authentication

Domino supports Kerberos authentication, allowing users to authenticate as themselves when connecting to Kerberos-secured systems.

Users can enable Kerberos authentication at the project-level or user-level by uploading a Kerberos keytab and principal into Domino. After set up, Runs started by Kerberos-enabled users or in Kerberos-enabled projects in Domino will automatically run kinit and retrieve the ticket to be able to authenticate.

Adding your Kerberos configuration file to Domino

There are two ways to add your krb5.conf file to Domino.

  • Add it to your project in a folder named kerberos.

  • Add it to your environment at /etc/krb5.conf:

RUN echo "[libdefaults]" >> /etc/krb5.conf && \
    echo "    default_realm = [YOUR-DEFAULT-REALM]" >> /etc/krb5.conf && \
    echo "    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc" >> /etc/krb5.conf && \
    echo "    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc" >> /etc/krb5.conf && \
    echo "    dns_lookup_kdc = true" >> /etc/krb5.conf && \
    echo "    dns_lookup_realm = false" >> /etc/krb5.conf && \
    echo "" >> /etc/krb5.conf && \
    echo "[realms]" >> /etc/krb5.conf && \
    echo "    EXAMPLE.COM = {" >> /etc/krb5.conf && \
    echo "        kdc = kerberos.example.com" >> /etc/krb5.conf && \
    echo "        admin_server = kerberos.example.com" >> /etc/krb5.conf && \
    echo "    }" >> /etc/krb5.conf

Adding Kerberos credentials to your user

To add a keytab and principal that will be used for Runs started by your user, open your Account Settings and click Kerberos Integration from the settings menu. Click Keytab file based authentication, supply your keytab and principal, then click Save.

Screen Shot 2019 02 04 at 8.39.59 PM

Adding Kerberos credentials to your project

To add a keytab and principal that will be used for Runs started by a specific project, open the project Settings and click to open the Integrations tab.

In the Kerberos panel, click Keytab file based authentication, supply your keytab and principal, then click Save.

Domino Data LabKnowledge BaseData Science BlogTraining
Copyright © 2022 Domino Data Lab. All rights reserved.