QStudio Kerberos Security

Does QStudio support kerberos? Or other login systems?
Yes

Does QStudio support custom JDBC drivers?
Yes

Security Plugin

QStudio now supports a plugin system that allows specifying a custom authenticator or even a totally alternative JDBC driver. This could be used to allow kerberos to work. It has been implemented and used at one bank which doesn't use kerberos but their own authentication mechanism. It does however require writing a java plugin.

An example of a custom connection with popup authentication can be seen here:

Running the Example

1. Download QStudio.
2. Clone this example repo and build a jar.

   
   git clone https://github.com/timeseries/qstudio-plugin-example
   cd qstudio-plugin-example
   gradle jar

   This produces build/lib/qstudio-plugin-example.jar
3. Place the generated qstudio-plugin-example.jar inside the qstudio/libs folder
4. Run QStudio using the qstudio-log.bat (windows) or with the command java -jar qstudio.jar
   
   You cannot run QStudio using the .exe files on windows when using a custom authenticator or JDBC driver. This is due to class loading security restrictions that are very difficult to change.

Using Custom Authentication

If all you need to do is get your usernames/passwords from elsewhere, then you should:

1. Take the example shown above
2. Modify the code to implement your own authentication
3. Remove any existing .jar files in the libs folder. Then place your generated .jar in the libs folder.

Using a Custom JDBC Driver

We can use command line properties to fully specify all JDBC and authentication configuration. To do so:

1. Place your .jar files in the libs folder
2. Use a custom launch command like so to specify all parameters: java -Djdbc.isKDB=true -Djdbc.dbRequired=false -Djdbc.driver=kx.jdbc -Djdbc.urlFormat="jdbc:q:@HOST@:@PORT@" -Djdbc.authenticator=com.timestored.plugins.open.ExampleDatabaseAuthenticationService -jar QStudio.jar
   On windows it would be easiest to copy the existing qstudio-log.bat file.

Configuration Options

• jdbc.isKDB=true - Whether this JDBC driver is for kdb or not. It controls whether it is displayed as an option in QStudio.
• jdbc.dbRequired=false - Controls whether the database is added to the JDBC URL.
• jdbc.driver=kx.jdbc - The full class name of the JDBC driver.
• jdbc.urlFormat="jdbc:q:@HOST@:@PORT@" - the URL used for connecting. Special symbols @HOST@,@PORT@,@DATABASE@ are replaced with the actual server details.
• jdbc.authenticator=com.timestored.qstudio.open.ExampleDatabaseAuthenticationService - What class to use to lookup connection details.