JDBC Access to Splice Machine with Kerberos
This section shows you how to connect your applications to Splice Machine on a Kerberized cluster, using our JDBC driver. As a prerequisite to connecting, you must ensure that:
- Database users are added in the Kerberos realm as principals.
- Keytab entries have been generated and deployed to the remote clients on which the applications are going to connect.
See Enabling Kerberos Authentication for information about using Splice Machine on a Kerberized cluster.
Connecting Splice Machine with Kerberos and JDBC
Once you’ve configured Kerberos, you can connect with JDBC by specifying the principal and keytab values in your connection string; for example:
splice> CONNECT 'jdbc:splice://localhost:1527/splicedb;principal=jdoe@SPLICEMACHINE.COLO;keytab=/tmp/user1.keytab';
If you’re using HAProxy, simply specify your proxy host as the server in the connect string:
splice> CONNECT 'jdbc:splice://<haproxy-host>:1527/splicedb;principal=jdoe@SPLICEMACHINE.COLO;keytab=/tmp/user1.keytab';
If your keytab file is stored on HDFS, you can specify the connection like this instead:
splice> CONNECT 'jdbc:splice://localhost:1527/splicedb;principal=jdoe@SPLICEMACHINE.COLO;keytab=hdfs:///tmp/splice.keytab';
When connecting third-party software via JDBC using a keytab file stored on HDFS, you must make sure that the Splice Machine libraries are in your classpath: