Troubleshooting Trino

Kerberos and LDAP cannot be enabled at the same time since they are set using the same property, http-server.authentication.type.

If you enable LDAP on a Kerberos cluster, Kerberos authentication will be disabled for Trino. However, Kerberos will remain enabled for the Hive connector so that you can access it by making below modifications.

  • Create and add user-mappings.json and rules.json under /etc/trino/conf.

# Ensure directory exists ls -lart /etc/trino/conf # Create user-mappings.json cat <<EOF > /etc/trino/conf/user-mappings.json { "rules": [ { "pattern": "^([^/]+).*$", "allow": true } ] } EOF # Create rules.json cat <<EOF > /etc/trino/conf/rules.json { "impersonation": [ { "original_user": ".*", "new_user": ".*" } ], "principals": [ { "principal": "(.*)", "principal_to_user": "\$1", "allow": true }, { "principal": "([^/]+)(/.*)?@.*", "principal_to_user": "\$1", "allow": true } ] } EOF
  • To add a custom krb5-user mapping, append the following line at the end of the file by Navigating to Ambari UI → TrinoAdvanced Configurationscoordinator-config.

Info

http-server.authentication.krb5.user-mapping.file=/etc/trino/conf/user-mappings.json

http-server.authentication.krb5.keytab=/etc/security/keytabs/trino.keytab http.authentication.krb5.config=/etc/krb5.conf node.internal-address-source=FQDN http-server.authentication.krb5.user-mapping.file=/etc/trino/conf/user-mappings.json


  Last updated
On This Page
Troubleshooting Trino