Configuring Authentication

Some Drill databases require authentication. You can configure the Simba Apache Drill ODBC Connector to authenticate the connection to the database using one of several methods. For more information, see the following sections:

• Using Your Drill User Name and Password
• Using Kerberos
• Using Your Drill Username Only

Note: If the Authentication Type drop-down list is set to No Authentication, the connector uses a default user name of "anonymous".

Using Your Drill User Name and Password

You can configure the connector to use your Drill data store credentials to authenticate the connection.

To configure user name and password authentication:

1. To access authentication options, open the ODBC Data Source Administrator where you created the DSN, select the DSN, and then click Configure.
2. From the Authentication Type drop-down list, select Plain.
3. In the User field, type an appropriate user name for accessing the Drill server.
4. In the Password field, type the password corresponding to the user name you typed above.
5. To save your settings and close the dialog box, click OK.

Using Kerberos

You can configure the connector to use the Kerberos protocol to authenticate the connection.

If you do not enable the Use Only SSPI option, then Kerberos must be installed and configured before you can use this authentication mechanism. For information about how to install and configure Kerberos, see the MIT Kerberos Documentation: http://web.mit.edu/kerberos/krb5-latest/doc/.

To configure Kerberos authentication:

1. To access authentication options, open the ODBC Data Source Administrator where you created the DSN, select the DSN, and then click Configure.
2. From the Authentication Type drop-down list, select Kerberos.
3. Optionally, in the Host FQDN field, type the fully qualified domain name (FQDN) of the Drill server host. If you leave this field empty, the connector uses the host name of the server that you are connecting to as the FQDN for Kerberos authentication.
4. Optionally, in the Service Name field, type the Kerberos service principal name of the Drill server. If you leave this field empty, the connector uses drill as the service principal name.
5. Optionally, do one of the following to specify which mechanism the connector uses by default to handle Kerberos authentication:
   • To use the SSPI plugin by default, select the Use Only SSPI check box.
   • To use MIT Kerberos by default and only use the SSPI plugin if the GSSAPI library is not available, clear the Use Only SSPI check box.
6. To require that users define a Kerberos host and service name, set the Kerberos SPN Configuration Required check box.
7. To save your settings and close the dialog box, click OK.

Using Your Drill Username Only

This method is intended for servers without any authentication enabled and with (or without) impersonation enabled.

To configure Username only authentication:

1. To access authentication options for the connector, open the ODBC Data Source Administrator where you created the DSN, select the DSN, and then click Configure.
2. From the Authentication Type drop-down list, select Username.
3. In the User field, type an appropriate user name for accessing the Drill server.
4. Optionally, in the Delegation UID field enter the details for any relevant impersonation target.
5. To save your settings and close the dialog box, click OK.