Using Kerberos Credentials in a Connection URL

You can provide your Kerberos credentials to the connector in the connection string.

You must provide the Kerberos principal and the path to the Kerberos configuration file. In addition, you must provide either the path to the keytab file, or the path to the Kerberos cache file.

To configure Kerberos authentication using Kerberos credentials:

  1. In the connection URL, set the AuthenticationType property to Kerberos Authentication.
  2. Set the SSLTrustStorePath property to the full path of the TrustStore that you want to use.
  3. Set the SSLTrustStorePwd property to your password for accessing the TrustStore.
  4. Set the KerberosPrincipal property to the Kerberos principal.
  5. Choose one:
    • Set the KrbKeytabFilePath property to the full path and name of the Kerberos keytab file.
    • Or, set the KrbCacheFilePath property to the full path and name of the Kerberos cache file.
  6. Set the KrbConfigFilePath property to the full path and name of the Kerberos krb5.ini configuration file.

For example, the following configuration URL uses a Kerberos keytab file:

jdbc:trino://trino-demo-cdh:7778;AuthenticationType=Kerberos Authentication;SSLTrustStorePath=C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\cacerts;SSLTrustStorePwd=changeit;KerberosPrincipal=host@REALM;KrbKeytabFilePath=C:\\Kerberos\keytab.krb;KrbConfigFilePath=C:\\Users\\employee.DRIVERS\\Desktop\\krb5.ini;

As another example, the following configuration URL uses a Kerberos cache file:

jdbc:trino://trino-demo-cdh:7778;AuthenticationType=Kerberos Authentication;SSLTrustStorePath=C:\\Program Files\\Java\\jre1.8.0_92\\lib\\security\\cacerts;SSLTrustStorePwd=changeit;KerberosPrincipal=host@REALM;KrbCacheFilePath=C:\\Kerberos\ticketcache;KrbConfigFilePath=C:\\Users\\employee.DRIVERS\\Desktop\\krb5.ini;

For more information about connection URL syntax, see Building the Connection URL.