Details
-
Bug
-
Status: Open
-
Blocker
-
Resolution: Unresolved
-
0.10.0
-
None
-
None
Description
There are few absurd points when doing Kerberos authentication so please help me out.
They are as following:
1. `User` field is mandatory for query to execute.
As shown in image below, error occurs if we don't set `default.user` value.
According to the trino document (https://trino.io/docs/current/installation/jdbc.html#connection-parameters),
it is not mandatory(unless we use impersonation) to have user/password when accessing via kerberos.
2. Why close DB pool ?
Because there is no password provided, `setUserProperty` function closes dbPool.
What is the purpose of closing db pool here? This would mean that we have to create a DB pool everytime a query is requested.
3. `java.net.URISyntaxException: Illegal character in path at index`
If I add configs at jdbc URI, I get error like above.
// jdbc:trino://url/hive?KerberosRemoteServiceName=...&KerberosPrincipal=...&KerberosServicePrincipalPattern=${SERVICE}@...&KerberosConfigPath=/etc/krb5.conf&KerberosKeytabPath=...
Are we not able to set configs like above? Is this only allowed via Properties options?
Or, do I have to pass URL that is encoded? `URLEncoder.encode(value, "US-8");` ?
4. Where do we set Kerberos Config Path ?
Normally, Trino asks for KerberosConfigPath because it contains Kerberos configuration information, including the locations of KDCs and admin servers for the Kerberos realms of interest.
Document (https://zeppelin.apache.org/docs/0.10.0/interpreter/jdbc.html#more-properties) does not have information about settign kerberos config path.
But, I noticed that in code, `PRESTO_PROPERTIES` hashset has `KerberosConfigPath` property.