Password credential pass-through#
The password credential pass-through feature guarantees that Starburst Enterprise platform (SEP) uses the same credentials as a user accessing a data source directly. This allows you to authenticate using the CLI or client application with the JDBC or ODBC driver. The supplied credentials are passed through SEP and the connector to the underlying data source.
To use password credential pass-through, the data source and SEP must use the same authentication backend and use the same credentials. A typical example is an LDAP system such as Active Directory.
The password credential pass-through feature is only supported in select connectors. Reference the connectors feature matrix for more information about which connectors support this feature.
To enable password credential pass-through, include
DELEGATED-PASSWORD cannot be used with the
type, and results in runtime exceptions. The functionality of
authentication is integrated in the
To enable password credential pass-through in the Starburst Enterprise web UI and the query
editor, include the Web UI property
web-ui.authentication.type in the
Typically, multiple Authentication types are used and must be configured as comma-separated values. These are evaluated in a short-circuit fashion. SEP attempts them in order until an authentication type succeeds, or fails the authentication attempt altogether if none succeed.
In the following example, SEP attempts to authenticate using
DELEGATED-KERBEROS. If that succeeds, no further authentication attempts are
made. If it fails, SEP attempts to authenticate using
CERTIFICATE. If those fail, the request fails as there are no
further authentication methods specified:
Update the catalog file, as needed by the connector, to enable password credential pass-through:
Specifying username via extra credentials#
It is possible to overwrite the username to authenticate with the external data source using extra credentials added to the JDBC URL. The name of the extra credential used to log in must be configured in the catalog properties file:
extraCredentials=arbitrary_username_id:external_user_login to the
parameters used with the JDBC driver to connect to SEP.
Users of the CLI can use the
This feature works only for the
PASSWORD_PASS_THROUGH authentication type.