How can Kerberos authentication be removed from Insights on Linux Server?
Issue Description: To remove the Kerberos Authentication being used by the Linux server. For example, the current configuration is using a user profile whose credentials may have changed causing the user’s account to constantly lockout. Note, it is generally a good principle to use a Service Account.
Resolution:
- To verify that the Insights is indeed using a SQL authentication and not Kerberos, log into the Looker Admin Portal and navigate to the 'Database Connections'.
- Under 'Username', check the entry:
- If the username displays 'PLACEHOLDER', it indicates that Windows Authentication (Kerberos) is being used.
- Additionally, check the Insights Windows configuration file to verify the connection string is also using said SQL Authentication.
- Advance to the Linux Insight server to begin removing the Kerberos authentication
- Log in as 'ROOT' admin and locate the required files. These files should be located in the '/app/Insight' directory. The installation directory can vary based on your chosen location for installation.
- Remove the following files
- adDetails.json
- WINDOWS_AUTH_AD_KEYTAB
- WINDOWS_AUTH_KRB5_CONFIG
- WINDOWS_AUTH_VARS
- kerbvars*
- Access the docker container using the following command:
docker exec -it looker-container bash
- To remove files from within the docker container, use the command: rm filename (replace 'filename' with the correct file names to delete).
- Next, execute cat /app/refresh-kerberos-ticket.sh. The output should display the script used to update Kerberos settings
- Locate the '.kerbvars' file and delete it using the 'rm' command
- Finally, restart the Looker container using the following command.
docker restart looker-container