Enabling Kerberos Delegation for Teradata

Version 3

    Starting with Tableau Server 9.3, Tableau Server supports Kerberos authentication with a Teradata data source.


    To use Kerberos authentication with a Teradata data source, you need to do the following:


    • Configure Tableau Server for Kerberos Delegation. See Enable Kerberos Delegation for Windows or Enable Kerberos Delegation for Linux.

    • Enable Kerberos delegation in Active Directory (AD). To do this, you need to be a domain administrator for your AD domain. The following steps describe how to enable Kerberos delegation in AD if the Teradata server is in the same domain as Tableau server. For cross domain delegation, consult your AD documentation.


    Step 1: Specify the Run As User for delegation

    1. On the Active Directory domain controller, start the Active Directory Users and Computers (ADUC) tool.

    2. In the left pane (Active Directory Domain Services), click Users.

    3. In the Users pane, right-click the name of the user which Tableau Server runs under. This account will be used to set up delegation. Click Properties .

    4. In the Properties dialog box, select the Delegation tab.

    5. In the Delegation section, select Trust this user for delegation to specified services only.

    6. Select Use any authentication protocol.


    Step 2: Add Teradata service accounts for delegation

    1. On the Delegation tab, click Add.

    2. In the Add Services dialog box, click Users or Computers.

    3. In the text field, type the name of the Teradata service account and then click Check Names. The account should be found.

    4. Click OK.The Available Services list is populated with the SPNs (Service Principal Names).

    5. Sort the SPN list by Service Type to locate services of TERADATA type.

    6. Select the two SPNs of type TERADATA for the Teradata server and then click OK.The SPNs should now appear in the SPN list in the delegation section of the properties window for the user.

    7. Click OK.



    Step 3: Troubleshooting

    When Tableau Server is correctly configured for Kerberos you should be able to select the Viewer Credentials authentication option when publishing a workbook.


    For more troubleshooting suggestions, see Troubleshoot Kerberos in the Tableau help.