2.10 - Kerberos Authentication Setup - Teradata QueryGrid

Teradata® QueryGrid™ Installation and User Guide

Teradata QueryGrid
September 2019
User Guide

When using Kerberos authentication, a principal can be authenticated using a username and password or a Keytab file. Presto Kerberos setup instructions can be found at https://teradata.github.io/presto/docs/current/security/server.html. The driver node on the remote server establishes Kerberos authentication; the Presto connector is configured with the location of the needed file.

The following property settings are required for Presto target connectors using the Kerberos security model.
Setting Description
Port Set to the HTTPS server port, or to the value of the http-server.https.port value in the presto config.properties file.
Authentication Mechanism Set to Kerberos.
Username Set to the Kerberos principal name.
Password Set only if the Kerberos principal should be authenticated using a password.
Realm Set to the Kerberos realm if the Kerberos principal in the username property does not already contain the realm.
Keytab Set to absolute path of Keytab file only if the Kerberos principal should be authenticated using Keytab.
If both the Password and Keytab connector properties contain values, then the Password setting takes precedence.
SSL Trust or Key Store Path Set to the Java trust store or Key Store absolute path.
SSL Trust or Key Store Password Set to the password for the Java trust store or Key Store file you entered into the SSL Trust or Key Store Path property.

For more information about setting up the Presto Kerberos configuration, see Teradata Presto Documentation available from https://www.info.teradata.com: Teradata for Hadoop > Teradata Distribution of Presto > Teradata Distribution of Presto.

HTTPs must be configured for LDAP or Kerberos enabled Presto clusters. See https://teradata.github.io/presto/docs/current/security/tls.html.