Configuring Authentication

Some Drill databases require authentication. You can configure the Simba Apache Drill ODBC Connector to authenticate the connection to the database using one of several methods. For more information, see the following sections:

Note:

If you set AuthenticationType to No Authentication, the connector uses a default user name of "anonymous".

You can set the connection properties described below in a connection string or in a DSN (in the odbc.ini file). Settings in the connection string take precedence over settings in the DSN.

Using Your Drill User Name and Password

You can configure the connector to use your Drill data store credentials to authenticate the connection.

To configure user name and password authentication:

  1. Set the AuthenticationType property to Plain or Basic Authentication.
  2. Set the UID property to an appropriate user name for accessing the Drill server.
  3. Set the PWD property to the password corresponding to the user name you typed above.

Using Kerberos

You can configure the connector to use the Kerberos protocol to authenticate the connection.

Kerberos must be installed and configured before you can use this authentication mechanism. For information about how to install and configure Kerberos, see the MIT Kerberos Documentation: http://web.mit.edu/kerberos/krb5-latest/doc/.

To configure Kerberos authentication:

  1. Set the AuthenticationType property to Kerberos.
  2. To require that users set a Kerberos service name and host, set krbSpnConfigurationsRequired to 1.
  3. Optionally, set the KrbServiceHost property to the fully qualified domain name of the Drill server host. If you do not set this property, the connector uses the host name of the server that you are connecting to as the FQDN for Kerberos authentication.
  4. Optionally, set the KrbServiceName property to the Kerberos service principal name of the Drill server. If you do not set this property, the connector uses drill as the service principal name.

Using MapR-SASL

You can configure the connector to use the MapR-SASL protocol to authenticate the connection.

The maprlogin utility must be installed and configured before you can use this authentication mechanism. For more information, see the MapR Security Guide: http://maprdocs.mapr.com/51/SecurityGuide/SecurityOverview.html.

To configure MapR-SASL authentication:

  1. Use the maprlogin utility to acquire a maprticket. For more information, see "Logging Into a Cluster with maprlogin" in the MapR Security Guide: http://maprdocs.mapr.com/51/SecurityGuide/LoggingIntoCluster.html.
  2. Set the AuthenticationType property to MapRSASL.

Using Your Drill Username Only

This method is intended for servers without any authentication enabled and with (or without) impersonation enabled.

To configure Username only authentication:

  1. Set the AuthenticationType property to Username.
  2. Set the UID property to an appropriate user name for accessing the Drill server.
  3. Optionally, set the DelegationUID to any applicable impersonation target.