Starting with Tableau Server 2019.1, Tableau Server supports Kerberos delegation with a Denodo data source.
To use Kerberos authentication with a PostgreSQL data source, you need to do the following:
- Configure Tableau Server for Kerberos delegation. For more information, see Configure Kerberos in the Tableau Help.
- Enable Kerberos delegation in Active Directory (AD). For more information, contact your domain administrator.
- Configure the environment variable PGKRBSRVNAME for Kerberos delegation to Denodo. This is only required on Linux.
Run the following commands on all nodes in the cluster.
```
# Start a session as the unprivileged user. tableau is the default unprivileged user created by Tableau Server during installation.
# You can specify your own unprivileged user as well.
sudo su -l tableau
sudo touch /var/opt/tableau/tableau_server/.config/systemd/tableau_server.conf.d/denodo.conf
echo "PGKRBSRVNAME=HTTP" | sudo tee -a /var/opt/tableau/tableau_server/.config/systemd/tableau_server.conf.d/denodo.conf
sudo chmod 744 /var/opt/tableau/tableau_server/.config/systemd/tableau_server.conf.d/denodo.conf

# Restart all the control plane services
systemctl --user restart tabadmincontroller_0
systemctl --user restart tabsvc_0
systemctl --user restart appzookeeper_0
systemctl --user restart clientfileservice_0
systemctl --user restart fnplicenseservice_0
systemctl --user restart licenseservice_0
systemctl --user restart tabadminagent_0
```
Note: Tableau uses the Postgres driver to connect to Denodo.
Using this environment variable to configure Kerberos delegation for Denodo will prevent Kerberos delegation to Postgres servers, since their Kerberos service principal will usually start with "postgres" instead of "HTTP".
This won't be an issue unless you are trying to perform Kerberos delegation to both Postgres and Denodo, which is very unlikely.
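Because the commands must be repeated on every node and `tee -a` appends on each run, a per-node check of the resulting file is useful. The following is an added example, not part of the Tableau procedure: the function name `check_krbsrvname`, its return codes and the group/world-writable test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from Tableau): audit the drop-in file written above.
# Usage on a node:
#   check_krbsrvname /var/opt/tableau/tableau_server/.config/systemd/tableau_server.conf.d/denodo.conf
# Return codes (hypothetical convention for this example):
#   0 ok, 1 file missing, 2 variable not set, 3 conflicting or unexpected value,
#   4 file writable by group or others
check_krbsrvname() {
    conf=$1
    expected=${2:-HTTP}   # service name the page sets for Denodo

    [ -f "$conf" ] || { echo "MISSING: $conf"; return 1; }

    # Every distinct value assigned to PGKRBSRVNAME. Re-running the procedure
    # appends another line, so identical duplicates are collapsed by sort -u.
    values=$(sed -n 's/^[[:space:]]*PGKRBSRVNAME=//p' "$conf" | tr -d '"' | sort -u)
    [ -n "$values" ] || { echo "UNSET: no PGKRBSRVNAME line in $conf"; return 2; }

    # More than one distinct value, or a value other than the expected one.
    if [ "$values" != "$expected" ]; then
        echo "MISMATCH: expected '$expected', found: $(echo "$values" | tr '\n' ' ')"
        return 3
    fi

    # The file decides which Kerberos service name the Postgres driver asks for,
    # so it should not be writable by group or others (chmod 744 passes this).
    perms=$(ls -ld "$conf" | cut -c1-10)
    case $perms in
        ?????w????|????????w?) echo "WRITABLE: $conf is $perms"; return 4 ;;
    esac

    echo "OK: driver will request service name '$expected' on this node"
    [ "$expected" = "postgres" ] || \
        echo "NOTE: delegation to servers whose principal starts with 'postgres' will not work"
    return 0
}

# Constructed sample: the procedure was run twice, leaving a duplicate line.
demo=$(mktemp)
printf 'PGKRBSRVNAME=HTTP\nPGKRBSRVNAME=HTTP\n' > "$demo"
check_krbsrvname "$demo"
rm -f "$demo"
```

A non-zero return on any node means that node will not behave like the others for Denodo connections.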