Authenticating Direct Connections to Engines

QDS users can directly connect to query engines that is external of QDS.

Authenticating Direct Connections to Presto

Apart from existing authentication schemes, Presto supports a file-based authentication, which you can enable by adding this configuration as a Presto override in the cluster configuration.

Note

This is a beta feature. In the future releases, Qubole plans to change the authentication file format and related details.

config.properties:
http-server.authentication.type=FILE
authentication.filebased.config-file=etc/authenticationFile

authenticationFile:
{
  "users": [
    {
      "name": "admin",
      "password": "password"
    },
    {
      "name": "user1",
      "password": "pass1"
    }
  ]
}

Adding this override configures Presto to use etc/authenticationFile as input for username:password pairs. The content of this file is defined in the authenticationFile: section as mentioned above.

Note

Ensure that the content of the etc/authenticationFile is in the valid JSON format or else, the Presto server fails to start.

These username:password pairs are used to authenticate users, who try to access Presto directly (that is from outside of QDS). In direct connections, you must provide username and password correctly and use https://MASTER_HOST_NAME:8443 as the URL.

If you are using open source, JDBC drivers must enable SSL apart from these configurations as described in the Presto JDBC topic.

Important

Here are some conditions that hold good to the basic authentication for direct connections in Presto:

  • The file-based authentication is only available in Presto 0.180 and later versions.
  • You must use the Qubole Presto Ruby client for uninterrupted access to clusters through QDS after enabling this feature. This feature does not support the old QDS Java client.
  • You must have an encrypted channel while submitting password, you must get SSL enabled in the master node by creating a ticket with Qubole Support.