Password credential pass-through

The password credential pass-through feature guarantees that Starburst Enterprise platform (SEP) uses the same credentials as a user accessing a data source directly. This allows you to authenticate using the CLI or client application with the JDBC or ODBC driver. The supplied credentials are passed through SEP and the connector to the underlying data source.

It requires that the data source and SEP use the same authentication backend using the same credentials. A common example is an LDAP system such as Active Directory. Not all connectors have this capability. Check the documentation for individual connectors to ensure that they are supported.

Configuration

To enable, include DELEGATED-PASSWORD in the config.properties file:

http-server.authentication.type=DELEGATED-PASSWORD

Typically, multiple authentication types are used and must be configured as comma separated values:

http-server.authentication.type=PASSWORD,DELEGATED-PASSWORD

Update the catalog file, as needed by the connector, to enable password credential pass-through:

<connector_name>.authentication.type=PASSWORD_PASS_THROUGH

Specifying username via extra credentials

It is possible to overwrite the username to authenticate with the external data source using extra credentials added to the JDBC URL. The name of the extra credential used to log in must be configured in the catalog properties file:

user-credential-name=arbitrary_username_id

Then add extraCredentials=arbitrary_username_id:external_user_login to the parameters used with the JDBC driver to connect to SEP.

Users of the CLI can use the --extraCredential option.

This feature works only for the PASSWORD_PASS_THROUGH authentication type.