JGSSPrincipalAsDBUser
Whether to use the Kerberos principal as the database username. Only applies when UseJGSS is enabled.
Data Type
bool
Default Value
true
Remarks
The connector uses three pieces of information to authenticate the connection in Kerberos mode. When UseJGSS is enabled, only the service principal and database role may be configured within the connector. The user principal comes from the subject configured inside the Java security framework.
- The service principal that identifies the server itself (for example, hive/hiveserver.company.com)
- The user principal that identifies the user connecting to the server ([email protected])
- The database user that identifies a set of permissions within the database (bob)
By default the KerberosUser (or User) is the service principal. The database user is automatically derived from the user principal. For example, if you authenticate as the user principal [email protected] the database user is set to bob.
When JGSSPrincipalAsDBUser=false, the KerberosUser (or User) is the database role and the KerberosSPN is the service principal.