OCF Connector for Impala on CDP: Supported Combinations of Authentication Types

The Impala on CDP OCF connector supports various authentication types for the data source and metastore connections. You can use one or a combination of multiple authentication types for the Impala on CDP OCF connector. This section explains the configuration fields required for combining different authentication types while configuring the data source and metastore connections for Private Cloud CDP Distribution and Public Cloud CDP Distribution.

Private Cloud CDP Distribution

Select Private as the CDP Distribution type in the General Settings tab, then based on the type of private cloud configuration set on Cloudera Manager, namely Base or Cloudera Data Warehouse (CDW), you can use a combination of multiple authentication types.

Private Cloud Base

For data source connection, use one of the following:

• No Auth Authentication

• Username Authentication

• Username and Password Authentication

• SSL and No Auth Authentication

• SSL and Username Authentication

• SSL, Username, and Password Authentication

• SSL, Kerberos, Username, and Password Authentication

• SSL, Kerberos, Username, and Keytab Authentication

For metastore connection, use one of the following:

• No Auth Authentication

• Username and Password Authentication

• Kerberos, Username, and Password Authentication

• Kerberos, Username, and Keytab Authentication

Private Cloud CDW

For data source connection, use the SSL, Username, and Password Authentication.

For metastore connection, use one of the following:

• No Auth Authentication

• Username and Password Authentication

• Kerberos, Username, and Password Authentication

• Kerberos, Username, and Keytab Authentication

No Auth Authentication

No Auth authentication allows you to establish a connection without using any credentials (username and password).

Configure No Auth authentication for both data source and metastore connections in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select No Auth from the Authentication Method dropdown.

3. Leave the Username and Password fields blank.

4. Select the transport protocol to use in the thrift layer in the Transport Mode field. The sasl is the default protocol used for the No Auth authentication type.

5. Provide the HTTP path in the HTTP Path field.

   If you select the HTTP protocol in the Transport Mode field, this field is required.

6. Click Save.

Metastore Connection

1. Provide the Metastore URI in the Metastore URI field.

   thrift://<hostname>:<port>
   

   Example:

   thrift://ip-10-13-28-190.alation-test.com:9083
   

2. Select the Use Datasource Auth Credentials checkbox to use the same connection credentials used for the Data Source Connection. For different credentials, clear this checkbox.

3. Select Username from the Metastore Authentication Method dropdown.

4. Leave the Metastore Username and Metastore Password fields blank.

5. Click Save.

Username Authentication

Configure username authentication for data source connection in the General Settings tab for your data source.

Datasource Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Username from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Leave the Password field blank.

5. Select the transport protocol to use in the thrift layer in the Transport Mode field. The sasl is the default protocol used for the username authentication type.

6. Provide the HTTP path in the HTTP Path field.

   If you select HTTP protocol in the Transport Mode field, this field is required.

7. Click Save.

Username and Password Authentication

Configure LDAP authentication for both data source and metastore connections in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Username/Password from the Authentication Method dropdown.

3. Specify the service account username in the Username field

4. Specify the service account username in the Password field.

5. Select the transport protocol to use in the thrift layer in the Transport Mode field. The sasl is the default protocol used for the username and password authentication type.

6. Provide the HTTP path in the HTTP Path field.

   If you select HTTP protocol in the Transport Mode field, this field is required.

7. Click Save.

Metastore Connection

1. Provide the Metastore URI in the Metastore URI field.

   thrift://<hostname>:<port>
   

   Example:

   thrift://ip-10-13-28-190.alation-test.com:9083
   

2. Select the Use Datasource Auth Credentials checkbox to use the same connection credentials used for the Data Source Connection and skip to Step 6. Else, for different credentials, clear this checkbox.

3. Select Username/Password from the Metastore Authentication Method dropdown.

4. Specify the metastore username in the Metastore Username field.

5. Specify the metastore password in the Metastore Password field.

6. Click Save.

SSL and No Auth Authentication

Configure a combination of SSLand No Auth authentications for data source connection in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select No Auth from the Authentication Method dropdown.

3. Leave the Username and Password fields blank.

4. Select the Enable SSL checkbox.

5. Upload the SSL certificate in the SSL certificate field. Ensure that the certificate file type is .jks. To obtain the SSL certificate,

   1. In Cloudera Manager, go to Actions > View Client Configuration URLs.

   2. Click on the HIVE URL to download the .zip file.

   3. Extract the contents of the .zip file.

   4. Open the ssl-client.xml file in an editor of your choice.

   5. Copy the Truststore file (SSL certificate) and the Truststore password.

   6. Use the Truststore password for the Truststore Password field.

6. Specify the Truststore Password in the Truststore Password field.

7. Select the transport protocol to use in the thrift layer in the Transport Mode field. The binary is the default protocol used for the SSL and no authentication type.

8. Provide the http path in the HTTP Path field.

   This field is required if you select http protocol in the Transport Mode field.

9. Click Save.

SSL and Username Authentication

Configure a combination of SSL and username authentications for data source connection in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Username/Password from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Leave the Password field blank.

5. Select the Enable SSL checkbox.

6. Upload the SSL certificate in the SSL certificate field. Ensure that the certificate file type is .jks. To obtain the SSL certificate,

   1. In Cloudera Manager, go to Actions > View Client Configuration URLs.

   2. Click on the HIVE URL to download the .zip file.

   3. Extract the contents of the .zip file.

   4. Open the ssl-client.xml file in an editor of your choice.

   5. Copy the Truststore file (SSL certificate) and the Truststore password.

   6. Use the Truststore password for the Truststore Password field.

7. Specify the Truststore Password in the Truststore Password field.

8. Select the transport protocol to use in the thrift layer in the Transport Mode field. The binary is the default protocol used for the SSL and no authentication type.

9. Provide the http path in the HTTP Path field.

   This field is required if you select http protocol in the Transport Mode field.

10. Click Save.

SSL, Username, and Password Authentication

Configure a combination of SSL, username, and password authentications for data source connection in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Username/Password from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Specify the service account password in the Password field.

5. Select the Enable SSL checkbox.

6. Upload the SSL certificate in the SSL certificate field. Ensure that the certificate file type is .jks. To obtain the SSL certificate,

   1. In Cloudera Manager, go to Actions > View Client Configuration URLs.

   2. Click on the HIVE URL to download the .zip file.

   3. Extract the contents of the .zip file.

   4. Open the ssl-client.xml file in an editor of your choice.

   5. Copy the Truststore file (SSL certificate) and the Truststore password.

   6. Use the Truststore password for the Truststore Password field.

7. Specify the Truststore Password in the Truststore Password field.

8. Select the transport protocol to use in the thrift layer in the Transport Mode field. The binary is the default protocol used for the SSL and no authentication type.

9. Provide the http path in the HTTP Path field.

   This field is required if you select http protocol in the Transport Mode field.

10. Click Save.

SSL, Kerberos, Username, and Password Authentication

Configure a combination of SSL, Kerberos, username, and password authentications for data source and metastore connections in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Kerberos/Username/Password from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Leave the Password field blank.

5. Select the Enable SSL checkbox.

6. Upload the SSL certificate in the SSL certificate field. Ensure that the certificate file type is .jks. To obtain the SSL certificate,

   1. In Cloudera Manager, go to Actions > View Client Configuration URLs.

   2. Click on the HIVE URL to download the .zip file.

   3. Extract the contents of the .zip file.

   4. Open the ssl-client.xml file in an editor of your choice.

   5. Copy the Truststore file (SSL certificate) and the Truststore password.

   6. Use the Truststore password for the Truststore Password field.

7. Specify the Truststore Password in the Truststore Password field.

8. Select the transport protocol to use in the thrift layer in the Transport Mode field. The binary is the default protocol used for the SSL and no authentication type.

9. Provide the http path in the HTTP Path field.

   This field is required if you select http protocol in the Transport Mode field.

10. Upload the krb5.conf file in the Kerberos Configuration File field.

11. Specify the Impala Kerberos Principal in the Impala Kerberos Principal field.

12. Click Save.

SSL, Kerberos, Username, and Keytab Authentication

Configure a combination of SSL, Kerberos, Username, and Keytab authentications for data source and metastore connections in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Kerberos/Username/Keytab from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Leave the Password field blank.

5. Select the Enable SSL checkbox.

6. Upload the SSL certificate in the SSL certificate field. Ensure that the certificate file type is .jks. To obtain the SSL certificate,

   1. In Cloudera Manager, go to Actions > View Client Configuration URLs.

   2. Click on the HIVE URL to download the .zip file.

   3. Extract the contents of the .zip file.

   4. Open the ssl-client.xml file in an editor of your choice.

   5. Copy the Truststore file (SSL certificate) and the Truststore password.

   6. Use the Truststore password for the Truststore Password field.

7. Specify the Truststore Password in the Truststore Password field.

8. Select the transport protocol to use in the thrift layer in the Transport Mode field. The binary is the default protocol used for the SSL and no authentication type.

9. Provide the http path in the HTTP Path field.

   This field is required if you select http protocol in the Transport Mode field.

10. Upload the krb5.conf file in the Kerberos Configuration File field.

11. Upload the keytab file in the Keytab field.

12. Specify the Impala Kerberos Principal in the Impala Kerberos Principal field.

13. Click Save.

Kerberos, Username, and Password Authentication

Configure a combination of Kerberos, username, and password authentications for metastore connection in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Kerberos/Username/Password from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Specify the service account username in the Password field.

5. Select the transport protocol to use in the thrift layer in the Transport Mode field. The binary is the default protocol used for the SSL and no authentication type.

6. Provide the http path in the HTTP Path field.

   This field is required if you select http protocol in the Transport Mode field.

7. Upload the krb5.conf file in the Kerberos Configuration File field.

8. Specify the Impala Kerberos Principal in the Impala Kerberos Principal field.

9. Click Save.

Metastore Connection

1. Provide the Metastore URI in the Metastore URI field.

   thrift://<hostname>:<port>
   

   Example:

   thrift://ip-10-13-28-190.alation-test.com:9083
   

2. Select the Use Datasource Auth Credentials checkbox to use the same connection credentials used for the Data Source Connection and skip to Step 6. Else, for different credentials, clear this checkbox.

3. Select Kerberos/Username/Password from the Metastore Authentication Method dropdown.

4. Specify the metastore username in the Metastore Username field.

5. Specify the metastore password in the Metastore Password field.

6. Upload the krb5.conf file in the Metastore Kerberos Configuration File field.

7. Specify the Metastore Kerberos Principal in the Metastore Kerberos Principal field.

8. Select the required Hadoop RPC Protection value from the Hadoop RPC Protection dropdown.

9. Click Save.

Kerberos, Username, and Keytab Authentication

Configure a combination of Kerberos, Username, and Keytab authentications for metastore connection in the General Settings tab for your data source.

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Kerberos/Username/Keytab from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Specify the service account username in the Password field.

5. Select the transport protocol to use in the thrift layer in the Transport Mode field. The binary is the default protocol used for the SSL and no authentication type.

6. Provide the http path in the HTTP Path field.

   This field is required if you select http protocol in the Transport Mode field.

7. Upload the krb5.conf file in the Kerberos Configuration File field.

8. Upload the keytab file in the Keytab field.

9. Specify the Impala Kerberos Principal in the Impala Kerberos Principal field.

10. Click Save.

Metastore Connection

1. Provide the Metastore URI in the Metastore URI field.

   thrift://<hostname>:<port>
   

   Example:

   thrift://ip-10-13-28-190.alation-test.com:9083
   

2. Select the Use Datasource Auth Credentials checkbox to use the same connection credentials used for the Data Source Connection and skip to Step 6. Else, for different credentials, clear this checkbox.

3. Select Kerberos/Username/Keytab from the Metastore Authentication Method dropdown.

4. Specify the metastore username in the Metastore Username field.

5. Specify the metastore password in the Metastore Password field.

6. Upload the krb5.conf file in the Metastore Kerberos Configuration File field.

7. Upload the keytab file in the Metastore Keytab field.

8. Specify the Metastore Kerberos Principal in the Metastore Kerberos Principal field.

9. Upload the keytab file in the Metastore Keytab field.

10. Select the required Hadoop RPC Protection value from the Hadoop RPC Protection dropdown.

11. Click Save.

Public Cloud CDP Distribution

If you choose to use Public Cloud as the CDP Distribution type in the General Settings tab, perform these steps to configure data source and metastore connection

Data Source Connection

1. Provide the JDBC URI in the JDBC URI field.

   impala://<hostname>:<port>
   

   Example:

   impala://ip-10-13-28-190.alation-test.com:443
   

2. Select Username/Password from the Authentication Method dropdown.

3. Specify the service account username in the Username field.

4. Specify the service account password in the Password field.

5. Select the Enable SSL checkbox.

   1. Leave the JDBC SSL certificate field blank.

   2. Leave the TrustStore Password field blank.

6. Select the required transport mode from the Transport Mode dropdown. The default value for this field is http.

7. Provide the http path in the HTTP Path field. This field is required if transport mode is http.

8. Click Save.

Metastore Connection

You can configure metastore connection for a combination of:

• Kerberos, Username, and Password Authentication types.

• Kerberos, Username, and Keytab Authentication types.