In order to connect to a kerberos-secured cluster from the query server, the query server must be configured to connect using the security credentials. This means all operations performed by that query server are performed using these credentials. See the security-related configs mentioned in the Configuration section [0] of the online docs.

I know there's interest in improving the state of things, but I'm not up to speed on what JIRAs have been filed in this regard.


On Mon, Sep 14, 2015 at 10:54 PM, Sumit Nigam <> wrote:

Currently, I connect to Phoenix driver using following string:  "jdbc:phoenix:[quorom]:[port]:[rootNode]:[principal]:[keytab]"

I also notice, that there is a reference to thin driver as - jdbc:phoenix:thin:url=<scheme>://<server-hostname>:<port>

So, should I also change the connect string to use thin? I use Phoenix 4.5.1 with Hbase 0.98.1. Is there any advantage to it?

Secondly, I am yet to try using Kerberos with 4.5.1. Would anyone have any pitfalls to avoid or does it work seamlessly?