Accessing data using Apache Druid
Also available as:
PDF

Access Kerberos-protected HTTP endpoints

As a user, before accessing any Druid HTTP endpoints, you need to authenticate yourself using Kerberos and get a valid Kerberos ticket.

  1. Log in through the Key Distribution Center (KDC).
    kinit -k -t <keytab_file_path> <user@REALM.COM>
  2. Verify that you received a valid Kerberos authentication ticket by running the klist command.
    The console prints a Credentials cache message if authentication was successful. An error message indicates that the credentials are not cached.
  3. Access Druid with a curl command, including the SPNEGO protocol --negotiate argument.
    curl --negotiate -u:<anyUser> -b ~/<cookies.txt> -c ~/<cookies.txt> -X POST -H'Content-Type: application/json' http://_<endpoint>
    The negotiate argument is prefaced by two hyphens.
  4. Submit a query to Druid:
    curl --negotiate -u:<anyUser> -b ~/<cookies.txt> -c ~/<cookies.txt> -X POST -H'Content-Type: application/json'  http://broker-host:port/druid/v2/?pretty -d @query.json