Security tab
- Last Updated: August 25, 2023
- 1 minute read
- DataDirect Connectors
- ODBC
- Apache Hive 8.0
- Documentation
The Security tab allows you to specify your security settings. The fields are optional unless otherwise noted. On this tab, provide values for the options in the following table; then, click Apply.
See "Using security" for a general description of authentication and encryption and their configuration requirements.
| Connection Options: Security | Description |
|---|---|
| Authentication Method | Specifies the method the driver uses to
authenticate the user to the server when a connection is established. If set to 0- User ID/Password, the driver sends the user ID in clear text and an encrypted password to the server for authentication. If set to -1 - No Authentication, the driver sends the user ID and password in clear text to the server for authentication. If set to 4 - Kerberos Authentication, the driver uses Kerberos authentication. This method supports both Windows Active Directory Kerberos and MIT Kerberos environments. Default: 0- User ID/Password |
| User Name | The default user ID that is used to
connect to your database. Default: None |
| Proxy User | Specifies the UserID used for Impersonation and Trusted
Impersonation. When impersonation is enabled on the server, this value determines your
identity and access rights to files when executing queries. Default: None. If no value is provided for this option or if impersonation is disabled, you will execute queries as the user who initiated the HiveServer process. |
| Service Principal Name | The service principal name to be used by
driver for Kerberos authentication. Default: None. |
| GSS Client Library | The name of the GSS client library that the driver uses to
communicate with the Key Distribution Center (KDC). Default: native (the driver uses the GSS client for Windows Kerberos. ) |
| Encryption Method | The method the driver uses to encrypt
data sent between the driver and the database server. If set to 0 - No Encryption, data is not encrypted. If set to 1 - SSL, data is encrypted using the SSL protocols specified in the Crypto Protocol Version connection option. Default: 0 - No Encryption |
| Crypto Protocol Version | Specifies the cryptographic protocols to use when SSL is enabled
using the Encryption Method connection option (EncryptionMethod=1). Default: TLSv1.2, TLSv1.1, TLSv1 |
| Validate Server Certificate | Determines whether the driver validates
the certificate that is sent by the database server when SSL encryption is enabled
(Encryption Method=1). If enabled, the driver validates the certificate that is sent by the database server. Any certificate from the server must be issued by a trusted CA in the truststore file. If the Host Name In Certificate option is specified, the driver also validates the certificate using a host name. The Host Name In Certificate option provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested. If disabled, the driver does not validate the certificate that is sent by the database server. The driver ignores any truststore information specified by the Truststore and Truststore Password options. Default: Enabled |
| Enable FIPS | Determines whether the OpenSSL library uses cryptographic algorithms from the
FIPS provider or the default provider when TLS/SSL encryption is enabled
(Encryption Method=1).If disabled, the OpenSSL library uses cryptographic algorithms from the default provider. If enabled, the OpenSSL library uses cryptographic algorithms from the FIPS provider. Default: Disabled |
| Truststore | The directory that contains the truststore file and the truststore file name to
be used when SSL is enabled (EncryptionMethod=1) and server authentication is used. Default: None |
| Truststore Password | Specifies the password that is used to access the truststore file when SSL is
enabled (EncryptionMethod=1) and server
authentication is used. Default: None |
| Keystore | The name of the directory containing the keystore file to be used when SSL is
enabled (EncryptionMethod=1) and SSL client
authentication is enabled on the database server. Default: None |
| Keystore Password | The password used to access the keystore file when SSL is enabled (Encryption Method=1) and SSL client authentication is
enabled on the database server. Default: None |
| Key Password | Specifies the password used to access the individual keys in the keystore file
when SSL is enabled (Encryption Method=1) and
SSL client authentication is enabled on the database server. Default: None |
| Host Name In Certificate | A host name for certificate validation
when SSL encryption is enabled (Encryption
Method=1) and validation is enabled (Validate
Server Certificate=1). Default: None |
If you finished configuring your driver, proceed to Step 6 in "Data source configuration through a GUI." Optionally, you can further configure your driver by clicking on the following tabs. The following sections provide details on the fields specific to each configuration tab:
- General tab allows you to configure options that are required for creating a data source.
- Advanced tab allows you to configure advanced behavior.