Client Configuration

Host Name

Client authentication using Kerberos requires the following:
  • accessing SAS Data Loader for Hadoop using a host name, not an IP address
  • configuring the browser to use Kerberos when accessing the vApp host name
Accessing the vApp using a host name depends on the client browser being able to resolve the host name to the internal NAT IP of the SAS Data Loader for Hadoop vApp. You must create a host name for use on the client machine. For example, you might create a name similar to dltest1.vapps.sas.com.

Hosts File

You must modify the hosts file on the client machine to include the host name that is used to access SAS Data Loader for Hadoop. This host name must be the same host name that is used to generate keytabs for Kerberos, as described in Kerberos Configuration. The format of the host name is host_name.vapps.sas.com. The domain vapps.sas.com is required.
You must also modify this file to include the IP address of the vApp that is installed on the host. VMware Player Pro displays this address in a welcome window when the vApp is started on the client machine. The hosts file requiring modification is: %SystemRoot%\system32\drivers\etc\hosts. The editor must run in UAC-permitted mode. This requires administrative privileges on the machine. To modify the file, follow these steps:
  1. Click the Start button.
  2. Enter notepad %SystemRoot%\system32\drivers\etc\hosts in the search box.
  3. Press Ctrl+Shift+Enter to execute as the administrator.
  4. Accept the UAC prompt.
  5. Enter the host name and IP address in the proper format. For example, you might enter 192.168.212.132 dltest1.vapps.sas.com.
    Note: The IP address of the vApp can change. Anytime the IP changes, you must repeat this process.
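The steps above can also be scripted, which helps because the vApp address can change and a stale mapping has to be replaced each time. The following is an added example, not SAS-supplied code; the host name and address are the sample values from this page, and the backup file name hosts.bak is chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent hosts-file update for the vApp host name.
# Assumption: defaults are the sample host name and IP address shown on this page.
param(
    [string]$VAppHost = 'dltest1.vapps.sas.com',
    [string]$VAppIp   = '192.168.212.132'
)

$hostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'

# The page requires the vapps.sas.com domain; the name must also match
# the one used to generate the Kerberos keytabs.
if ($VAppHost -notmatch '^[a-z0-9-]+\.vapps\.sas\.com$') {
    throw "Host name must have the form host_name.vapps.sas.com: $VAppHost"
}

$parsedIp = $null
if (-not [System.Net.IPAddress]::TryParse($VAppIp, [ref]$parsedIp)) {
    throw "Not a valid IP address: $VAppIp"
}

# Drop active (uncommented) lines that already map this host name, so a
# changed vApp address replaces the old entry instead of sitting below it.
# A line that lists other aliases next to this name is removed as a whole.
$kept = @(Get-Content -LiteralPath $hostsPath | Where-Object {
    $fields = @(($_ -replace '#.*$', '').Trim() -split '\s+')
    -not ($fields.Count -ge 2 -and ($fields | Select-Object -Skip 1) -contains $VAppHost)
})

# Keep a copy of the previous file, then write the retained lines plus the new entry.
Copy-Item -LiteralPath $hostsPath -Destination "$hostsPath.bak" -Force
Set-Content -LiteralPath $hostsPath -Value ($kept + "$VAppIp`t$VAppHost")

# Confirm that the client now resolves the name to the vApp address.
ipconfig /flushdns | Out-Null
$resolved = @([System.Net.Dns]::GetHostAddresses($VAppHost) | ForEach-Object { $_.ToString() })
if ($resolved -notcontains $parsedIp.ToString()) {
    throw "$VAppHost resolves to '$($resolved -join ', ')', expected $parsedIp"
}
Write-Output "$VAppHost -> $parsedIp written to $hostsPath"
```

Run it from an elevated PowerShell session and pass the address that VMware Player Pro displays when the vApp starts.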

Supported Browsers and Integrated Windows Authentication

About Supported Browsers

SAS Data Loader for Hadoop supports the Firefox and Chrome browsers for single sign-on. The browser must be configured to support Integrated Windows Authentication (IWA). For more information, see Support for Integrated Windows Authentication.

Firefox

The browser on the client vApp machine must be configured as follows:
  1. Enter about:config in the address bar.
  2. Enter negotiate in the filter text box.
  3. Set the network.negotiate-auth.delegation-uris value to the domain of the host name assigned to the vApp.
  4. Set the network.negotiate-auth.trusted-uris value to the domain of the host name assigned to the vApp.
  5. Close the browser.

Chrome

The browser on the client vApp machine must be configured as follows:
  1. Close all open Chrome browser instances.
  2. Open Control Panel, then select Internet Options from the Windows Start menu.
  3. Click the Security tab.
  4. Click Local intranet.
  5. Click Sites, and then click Advanced.
  6. Enter the domain of the host name assigned to the vApp in the Add this website to the zone field.
  7. Click Add, click Close, and then click OK.
  8. Click the Advanced tab.
  9. Scroll down to the Security section.
  10. Select the Enable Integrated Windows Authentication option.
  11. Click OK to close the Internet Properties Control Panel.
  12. Click the Windows Start button.
  13. Enter regedit in the search box, and then press the Enter key.
  14. In the Registry Editor, expand HKEY_LOCAL_MACHINE, and then expand SOFTWARE.
  15. Right-click Policies, and then select New, then select Key.
  16. As appropriate, enter Google as the name of the new key.
  17. As appropriate, right-click Google, and then select New, then select Key.
  18. As appropriate, enter Chrome as the name of the new key.
  19. Right-click Chrome, and then select New, then select String Value. The right pane displays a new registry entry of type REG_SZ.
  20. Enter the following name for the new string value: AuthNegotiateDelegateWhitelist
  21. Right-click AuthNegotiateDelegateWhitelist and select Modify.
  22. In the Edit String window, in the Value data field, enter the host name that is or will be used in Kerberos to refer to the client.
  23. Click OK to close the Edit String window.
  24. Exit the Registry Editor.
  25. Restart the Chrome browser.