Using Kerberos Authentication

You can configure the connector to use the Kerberos protocol to authenticate the connection. Kerberos is provided as part of the Java Runtime Environment (JRE).

By default, when you use Kerberos authentication, the connector loads the credentials from the Kerberos credential cache. Alternatively, you can provide your Kerberos credentials to the connector, either in a JAAS configuration file or in the connection URL. For detailed instructions, see the topics below:

• Prerequisites
• Using a Kerberos Credentials Cache
• Using a JAAS Login Configuration File
• Using Kerberos Credentials in a Connection URL

Prerequisites

Before you can use Kerberos authentication with the Simba Presto JDBC Connector, you must do the following:

1. On your Presto server, in the /etc/presto/config.properties file, set the following properties:

http.server.authentication.krb5.service-name=HTTP

http.server.authentication.krb5.keytab=HTTP.keytab

2. On your client machine, in the java.policy file for your Java environment, include the following line:

permission java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly", "write";

3. On your client machine, in your Java environment, install the appropriate Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

Related topics

• Using LDAP Authentication
• Using Password File Authentication
• Security and Authentication
• Authentication Connector Configuration Options
• Building the Connection URL