The Data Integration service of DataWorks supports third-party identity authentication mechanisms. Before you use an authentication mechanism to perform an identity authentication, you must upload the required authentication files on the Authentication File Management page of the DataWorks console. Then, you must enable third-party authentication when you add a data source. This way, only trusted applications and services can access the data source. This topic describes how to upload and reference an authentication file.

Background information

Third-party identity authentication mechanisms are used to perform strict identity authentication on users and services. These mechanisms prevent untrusted applications or services from accessing data and improves the stability of data access during data synchronization. The Authentication File Management page of the DataWorks console allows you to manage authentication files in a centralized manner. You can upload an authentication file and view the data sources that reference an authentication file on this page.

Limits

Only Kerberos authentication is supported. Other authentication mechanisms will be available in the future. For more information about Kerberos authentication, see Configure Kerberos authentication.

Upload an authentication file

Before you use an identity authentication mechanism, you must upload the required authentication files on the Authentication File Management page.

  1. Log on to the DataWorks console.
  2. In the left-side navigation pane, click Workspaces.
  3. After you select the region where the desired workspace resides, find the workspace and click Data Integration in the Actions column.
  4. In the left-side navigation pane of the Data Integration page, choose Data Source > Authentication File Management.
  5. On the Authentication File Management page, click Upload Authentication File in the upper-right corner.
  6. In the Upload Authentication File dialog box, click Upload File to upload the desired file. You can enter comments in the File Description field. Then, click OK.

Reference an authentication file

If you want to use third-party identity authentication, you must enable special identity authentication, configure the related parameters, and reference the uploaded authentication files when you add a data source. DataWorks supports only Kerberos authentication. For more information, see Configure Kerberos authentication.

The following table describes the parameters you must configure after you set Special Authentication Method to Kerberos Authentication when you add an HDFS data source. For more information about how to add a data source, see Add a data source.

Add a data source
Parameter Description
Special Authentication Method Set this parameter to Kerberos Authentication.
Keytab File Select an uploaded keytab file from the Keytab File drop-down list. If you want to upload a new keytab file, click Add Authentication File.
CONF File Select a CONF file from the CONF File drop-down list. If you want to upload a new authentication file, click Add Authentication File.
principal The Kerberos principal, which consists of the principal name, instance name, and domain name. Specify this parameter in the format of Principal name/Instance name@domain name. Example: ****/hadoopclient@**.*** .

Other operations

You can upload a new authentication file and view the data sources that reference an uploaded authentication file on the Authentication File Management page. You can also delete multiple authentication files at a time on this page. 22