Access Kerberos-protected HTTP endpoints
As a user, before accessing any Druid HTTP endpoints, you need to authenticate yourself using Kerberos and get a valid Kerberos ticket.
Log in through the Key Distribution Center (KDC).
kinit -k -t <keytab_file_path> <user@REALM.COM>
Verify that you received a valid Kerberos authentication ticket by running the klist command.The console prints a Credentials cache message if authentication was successful. An error message indicates that the credentials are not cached.
Access Druid with a curl command, including the SPNEGO
protocol --negotiate argument.
curl --negotiate -u:<anyUser> -b ~/<cookies.txt> -c ~/<cookies.txt> -X POST -H'Content-Type: application/json' http://_<endpoint>The negotiate argument is prefaced by two hyphens.
Submit a query to Druid:
curl --negotiate -u:<anyUser> -b ~/<cookies.txt> -c ~/<cookies.txt> -X POST -H'Content-Type: application/json' http://broker-host:port/druid/v2/?pretty -d @query.json