If you would like to connect to an SQL server using Kerberos authentication, for example you are a user on a shared domain. You can connect through a DSN using an ODBC driver and a Kerberos ticket. To do this:
Before you begin:
Ensure that a separate machine known to your domain contains a working Kerberos Key Distribution Centre (KDC)
Ensure that a SQL service using domain service account and registered Service Principal Names (SPNs)
Consult your local database admin team if you are unsure about any of the prerequisites.
- Set up the Microsoft ODBC driver on your Linux client machine, to do this see: Connecting to an SQL Server database from Altair SLC on Linux
When configuring odbc.ini, ensure the SQL server host containing the SPN is registered
- Install the Kerberos workstation on your Linux client machine using the following command, adjust the installation command according to your local package manager.
sudo apt install krb5-workstation
3. Configure the /etc/krb5.conf file to contain your local domain information, replace any mentions of example.com to the domain of the KDC machine, ensuring casing is preserved. For example if altair.com is the target domain, then mentions of EXAMPLE.COM become ALTAIR.COM and example.com become altair.com.
4. Create the Kerberos ticket by using the following command:
sudo kinit user
where user is your username on the domain
A ticket is granted with your credentials
Once the set-up is complete, you can test the connection using the following SAS language program:
LIBNAME DATASRC SQLSVR DSN=dsn SERVER=server-id DATABASE=dbase;
PROC DATASETS LIBRARY=DATASRC;RUN;
- In the LIBNAME statement, replace dsn with the data source name for the server-id server, and replace dbase with the name of the SQL Server database.
- The DATASETS procedure returns the names of all tables in the selected database; for databases with large numbers of tables, this program might take some time to run.
