Connecting to Apache Hive

Specify the following to establish a connection with Apache Hive:

• Server: Set this to the host name or IP address of the server hosting HiveServer2.

• Port: Set this to the port for the connection to the HiveServer2 instance.

Authenticating to Apache Hive

To authenticate to Apache Hive, set the following:

• TransportMode: The transport mode to use to communicate with the Hive server. Accepted entries are BINARY and HTTP. BINARY is selected by default.

• AuthScheme: The authentication scheme used. Accepted entries are PLAIN, LDAP, NOSASL, and KERBEROS. PLAIN is selected by default.

Securing Apache Hive Connections

To enable TLS/SSL in the provider, set UseSSL to True.

Connecting to HDFS

In order to connect, set the following connection properties:

• Host: Set this value to the host of your HDFS installation.

• Port: Set this value to the port of your HDFS installation. Default port: 50070

• UseSSL: (Optional) Set this value to 'True', to negotiate TLS/SSL connections to the HDFS server. Default: 'False'.

Authenticating to HDFS

There are two authentication methods available for connecting to the HDFS data source, Anonymous Authentication and Negotiate (Kerberos) Authentication.

Anonymous Authentication

In some situations, HDFS may be connected to without any authentication connection properties. To do so, set the AuthScheme to None (default).

Kerberos

When authentication credentials are required, you can use Kerberos.

To connect, set the following connection properties.

Set Url to the machine name or IP address of the server and the port the server is running on, for example, https://server:port. The User and Password are required to authenticate to the HPCC system specified in Url. Note that LDAP authentication is not currently supported.

Set Version to the WsSQL Web server version. Note that if you have not already done so, you will need to install the WsSQL service on the HPCC server. The connector uses the WsSQL Web service to interact with the underlying HPCC system.

Set Cluster to the target cluster.

The connector for Apache HBase connects to Apache HBase via the HBase REST (Stargate) server.

Set the Port and Server properties to connect to Apache HBase.

The Server property will typically be the host name or IP address of the server hosting Apache HBase. If there are multiple nodes, you will use the host name or IP address of the machine running the REST (Stargate) server.

1.1 Starting the Server

Different Hadoop distributions contain different interfaces and means of starting and stopping the HBase REST server, along with different default port settings.

In most distributions, the HBase REST server can be started in the foreground by running the following command: "hbase rest start -p <port>". Please consult your Hadoop distribution's documentation for further information regarding the HBase REST server.

1.2 Authenticating to Apache HBase

The connector for Apache HBase supports authentication over Basic and Negotiate.

1.2.1 No Authentication

By default, no authentication (or anonymous auth) is used. Set AuthScheme to None to explicitly enforce no authentication.

1.2.2 Authenticating with Basic

Basic authentication may be used by setting AuthScheme to Basic. In addition, set the following:

• User: The Apache HBase user;

• Password: The Apache HBase password;

1.2.3 Authenticating with Kerberos

To authenticate with Kerberos, set AuthScheme to NEGOTIATE and set the User and Password.

To authenticate to Apache HBase using Kerberos, set the following properties:

• AuthScheme: Set this to KERBEROS

• KerberosKDC: Set this to the host name or IP Address of your Kerberos KDC machine.

• KerberosSPN: Set this to the service and host of the Apache HBase Kerberos Principal. This will be the value prior to the '@' symbol (for instance, hbase/MyHost) of the hbase.regionserver.kerberos.principal of the hbase-site.xml file (for instance, hbase/MyHost@EXAMPLE.COM).

1.2.3.1 Retrieve the Kerberos Ticket

You can use one of the following options to retrieve the required Kerberos ticket.

1.2.3.2 MIT Kerberos Credential Cache File

This option enables you to use the MIT Kerberos Ticket Manager or kinit command to get tickets. Note that you won't need to set the User or Password connection properties with this option.

1. Ensure that you have an environment variable created called KRB5CCNAME.

2. Set the KRB5CCNAME environment variable to a path pointing to your credential cache file (for instance, C:\krb_cache\krb5cc_0 or /tmp/krb5cc_0). This file will be created when generating your ticket with MIT Kerberos Ticket Manager.

3. To obtain a ticket, open the MIT Kerberos Ticket Manager application, click Get Ticket, enter your principal name and password, then click OK. If successful, ticket information will appear in Kerberos Ticket Manager and will now be stored in the credential cache file.

4. Now that the credential cache file has been created, the provider will use the cache file to obtain the kerberos ticket to connect to Apache HBase.

As an alternative to setting the KRB5CCNAME environment variable, you can directly set the file path using the KerberosTicketCache property. When set, the provider will use the specified cache file to obtain the kerberos ticket to connect to Apache HBase.

1.2.3.3 Keytab File

If the KRB5CCNAME environment variable has not been set, you can retrieve a Kerberos ticket using a Keytab File. To do this, set the User property to the desired username and set the KerberosKeytabFile property to a file path pointing to the keytab file associated with the user.

1.2.3.4 User and Password

If both the KRB5CCNAME environment variable and the KerberosKeytabFile property have not been set, you can retrieve a ticket using a User and Password combination. To do this, set the User and Password properties to the user/password combo that you use to authenticate with Apache HBase.

1.2.3.5 Cross-Realm Authentication

More complex Kerberos environments may require cross-realm authentication where multiple realms and KDC servers are used (e.g. where one realm/KDC is used for user authentication and another realm/KDC used for obtaining the service ticket).

In such an environment, the KerberosRealm and KerberosKDC properties can be set to the values required for user authentication. The KerberosServiceRealm and KerberosServiceKDC properties can be set to the values required to obtain the service ticket.

The following are the connection properties for Apache HBase. Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

Connecting to Greenplum

To connect to Greenplum, set the Server, Port (the default port is 5432), and Database connection properties and set the User and Password you want to use to authenticate to the server. If the Database property is not specified, the provider connects to the user's default database (it is the same name as the user).

Authenticating to Greenplum

The CData ADO.NET Provider for Greenplum supports the md5, password, Kerberos and SASL (particulary, SCRAM-SHA-256) authentication methods.

The specific authentication method is setup in the pg_hba.conf file on the Greenplum Server. You can find instructions about authentication setup on the Greenplum Server here. The md5, password and SASL authentication methods do not require additional setup by the CData ADO.NET Provider for Greenplum.

Kerberos

The Greenplum Server initiates authentication with the Kerberos Server when the driver for Greenplum attempts a connection. You need to setup Kerberos on the Greenplum Server to activate this authentication method. After you have Kerberos authentication setup on the Greenplum Server, see Using Kerberos for details on how to authenticate with Kerberos

Connecting to Spark SQL

Specify the following to establish a connection with Spark SQL:

• Server: Set this to the host name or IP address of the server hosting SparkSQL.

• Port: Set this to the port for the connection to the SparkSQL instance.

• TransportMode: The transport mode to use to communicate with the SparkSQL server. Accepted entries are BINARY and HTTP. BINARY is selected by default.

Securing Spark SQL Connections

To enable TLS/SSL in the provider, set UseSSL to True.

Authenticating to Spark SQL

The service may be authenticated to using the PLAIN, LDAP, NOSASL, KERBEROS auth schemes.

PLAIN

To authenticate with PLAIN, set the following connection properties:

• AuthScheme: Set this to PLAIN.

• User: Set this to user to login as.

• Password: Set this to the password of the user.

To authenticate, set User and Password.

LDAP

To authenticate with LDAP, set the following connection properties:

• AuthScheme: Set this to LDAP.

• User: Set this to user to login as.

• Password: Set this to the password of the user.

To authenticate, set User, Password, and AuthScheme.

NOSASL

When using NOSASL, no authentication is performed. Set the following connection properties:

• AuthScheme: Set this to NOSASL.

Kerberos

Please see Apache HDFS connector for details on how to authenticate with Kerberos.

Connecting to Databricks

To connect to a Databricks cluster, set the properties as described below. Note: The needed values can be found in your Databricks instance by navigating to 'Clusters', selecting the desired cluster, and selecting the JDBC/ODBC tab under 'Advanced Options'.

• Server: Set to the Server Hostname of your Databricks cluster.

• Port: 443

• TransportMode: HTTP

• HTTPPath: Set to the HTTP Path of your Databricks cluster.

• UseSSL: True

• AuthScheme: PLAIN

• User: Set this to user to login as

• Password: Set to your personal access token (value can be obtained by navigating to the User Settings page of your Databricks instance and selecting the Access Tokens tab).