Supported authentication
In CDH, the list of supported authentication modes for Impala clients included Kerberos. However, Kerberos authentication is not supported for Impala clients in Cloudera Data Warehouse. To connect to Impala that is running in Cloudera Data Warehouse you can use your workload userID and password.
Security change - Apache Knox authentication not supported in Cloudera Data Warehouse
Knox proxy that is generally used to extend the reach of Apache™ Hadoop® services to users outside of a Hadoop cluster is not supported within Cloudera Data Warehouse. Open the ports for on premises with Data Services as a gateway for communicating with AWS services.
Switch to LDAP auth for Impala-shell and Impyla clients
You can use impala-shell and impyla to query Impala Virtual Warehouses in Cloudera Data Warehouse; however, Kerberos is not supported with impala-shell and
impyla in Cloudera Data Warehouse. To query Impala Virtual Warehouse, you must
switch to LDAP authentication. To switch to LDAP, upgrade impala-shell to the latest version by
running the following command:
pip2 install impala-shell. You can specify the
following connection string when starting impala-shell to control how shell commands are
executed. You can specify options on the command line or in the impala-shell configuration
file:Impala-shell --protocol=’hs2-http’ --ssl -i “<impalad=host-name>:443” -u <user-name> -lwhere,
- hs2-http is the HiveServer2 protocol that impala-shell uses to speak to the Impala daemon
- -l enables LDAP authentication
- --ssl enables TLS/SSL for impala-shell
