Kerberos authentication for Microsoft SQL Server
- Last Updated: November 21, 2025
- Hybrid Data Pipeline
- Version 5.0
Hybrid Data Pipeline supports Kerberos authentication for SQL Server connections. Kerberos
is a network authentication protocol that uses symmetric key cryptography and a trusted Key
Distribution Center (KDC) to validate identities without transmitting plaintext credentials.
Instead of relying on static username and password pairs, Kerberos issues time-bound,
encrypted tickets that authenticate both the client and the server.
Note: Kerberos authentication does not work in FIPS-enabled environments.
Prerequisites for enabling Kerberos in Hybrid Data Pipeline
- A Kerberos-enabled SQL Server instance
- Valid Kerberos realm configuration
- A Kerberos principal with appropriate permissions to access the SQL Server database
- Network connectivity to both the Kerberos Key Distribution Center (KDC) and SQL Server
| Deployment Type | Requirement |
|---|---|
| Server | Specify the path to the Kerberos configuration file (krb5.conf) using the Advanced Installation Options setting. |
| Docker | Specify the path to the Kerberos configuration file (krb5.conf) in the hdpdeploy.properties file. |
| On-Premises Connector | Specify the path to the Kerberos configuration file (krb5.conf) in the installation program. |
Kerberos configuration file krb5.conf contents
The contents of the krb5.conf file should include the following:
- Default realm (e.g., EXAMPLE.COM)
- KDC (Key Distribution Center) addresses
- Domain-to-realm mappings
- Optional settings like ticket lifetime and encryption types
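
The following Python check is an added example, not part of the product documentation. It parses a krb5.conf and verifies the items listed above, and goes one step further by flagging legacy encryption types (DES, 3DES, RC4). The realm EXAMPLE.COM comes from the page; the KDC host name, the domain mapping and the function names are constructed for illustration, and the parser assumes the common subset of krb5.conf syntax (bracketed sections, one level of braces).

```python
# Constructed sample file; the KDC host and domain are placeholders.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    ticket_lifetime = 24h
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com:88
    }
[domain_realm]
    .example.com = EXAMPLE.COM
"""

WEAK_ENCTYPES = ("des", "rc4", "arcfour")  # legacy enctype name prefixes
ENCTYPE_KEYS = ("permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes")


def parse_krb5_conf(text):
    """Return (section, subsection_or_None, key, value) tuples."""
    entries, section, sub = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section, sub = line[1:-1].strip(), None
        elif line == "}":
            sub = None
        elif "=" in line and line[0] not in "#;":
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                sub = key  # opening of a per-realm block
            else:
                entries.append((section, sub, key, value))
    return entries


def check_krb5_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    entries, findings = parse_krb5_conf(text), []
    lib = {k: v for s, _, k, v in entries if s == "libdefaults"}
    for key in ENCTYPE_KEYS:
        for enc in lib.get(key, "").replace(",", " ").split():
            if enc.lower().startswith(WEAK_ENCTYPES):
                findings.append(f"libdefaults: {key} allows legacy enctype {enc}")
    realm = lib.get("default_realm")
    if not realm:
        return findings + ["libdefaults: default_realm is not set"]
    if not any(e[:3] == ("realms", realm, "kdc") for e in entries):
        findings.append(f"realms: no kdc entry for {realm}")
    if not any(s == "domain_realm" and v == realm for s, _, _, v in entries):
        findings.append(f"domain_realm: no domain maps to {realm}")
    return findings
```

Run `check_krb5_conf(open(path).read())` against the file before supplying its path to the installer, the hdpdeploy.properties file, or the On-Premises Connector installation program.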