JDBC Access to Splice Machine with Kerberos

This section shows you how to connect your applications to Splice Machine on a Kerberized cluster, using our JDBC driver. As a prerequisite to connecting, you must ensure that:

  • Database users are added in the Kerberos realm as principals.
  • Keytab entries have been generated and deployed to the remote clients on which the applications are going to connect.

See Enabling Kerberos Authentication for information about using Splice Machine on a Kerberized cluster.

Connecting Splice Machine with Kerberos and JDBC

Once you’ve configured Kerberos, you can connect with JDBC by specifying the principal and keytab values in your connection string; for example:

splice> CONNECT 'jdbc:splice://localhost:1527/splicedb;principal=jdoe@SPLICEMACHINE.COLO;keytab=/tmp/user1.keytab';

If you’re using HAProxy, simply specify your proxy host as the server in the connect string:

splice> CONNECT 'jdbc:splice://<haproxy-host>:1527/splicedb;principal=jdoe@SPLICEMACHINE.COLO;keytab=/tmp/user1.keytab';

If your keytab file is stored on HDFS, you can specify the connection like this instead:

splice> CONNECT 'jdbc:splice://localhost:1527/splicedb;principal=jdoe@SPLICEMACHINE.COLO;keytab=hdfs:///tmp/splice.keytab';

When connecting third-party software via JDBC using a keytab file stored on HDFS, you must make sure that the Splice Machine libraries are in your classpath:

export HADOOP_CLASSPATH=/opt/cloudera/parcels/SPLICEMACHINE/lib/*