aws-samples / aws-emr-apache-ranger


trino-cli cannot be used with AD users as per the currently setup trino mapping rules. #102

Open ssandona opened 1 year ago

ssandona commented 1 year ago

The current trino kerberos mapping rules are defined as follows:

http-server.authentication.krb5.user-mapping.pattern=(.*)(/)(.*)

This allows interactions from Hue, as the hue kerberos principal hue/<machine>@<domain> matches the pattern, but does not allow using the trino-cli with AD users, as the related principal username@<domain> does not match the pattern.
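
How the pattern from the issue treats the two principal shapes, as an added example that is not part of the original thread or the project's code. It assumes Trino's documented user-mapping behaviour (the pattern must match the whole principal and the first group becomes the user), emulated here with Python's `re.fullmatch`; `CANDIDATE_PATTERN`, the `AD.EXAMPLE.COM` realm and the sample principals are constructed for illustration.

```python
import re

# Pattern quoted in the issue: requires a "/" somewhere in the principal.
CURRENT_PATTERN = r"(.*)(/)(.*)"

# Hypothetical alternative (an assumption, not the project's fix):
# - group 1 is the primary component, without "/" or "@"
# - the "/instance" part is optional, so user principals match too
# - the realm is pinned to an allow-list instead of "(.*)", so a principal
#   from any other realm is rejected rather than mapped to the same name
CANDIDATE_PATTERN = r"([^/@]+)(?:/[^@]+)?@(?:EC2\.INTERNAL|AD\.EXAMPLE\.COM)"

# Constructed sample principals.
SAMPLES = [
    "hue/ip-10-0-0-1.ec2.internal@EC2.INTERNAL",  # service principal (Hue)
    "alice@AD.EXAMPLE.COM",                       # AD user via trino-cli
    "alice@UNTRUSTED.EXAMPLE",                    # realm not on the allow-list
]


def map_user(pattern, principal):
    """Return the mapped user name, or None when authentication is denied."""
    match = re.fullmatch(pattern, principal)
    return match.group(1) if match else None


def compare(principals):
    """Map each principal with both patterns: {principal: (current, candidate)}."""
    return {
        p: (map_user(CURRENT_PATTERN, p), map_user(CANDIDATE_PATTERN, p))
        for p in principals
    }


if __name__ == "__main__":
    for principal, (current, candidate) in compare(SAMPLES).items():
        print(f"{principal:45} current={current!r:8} candidate={candidate!r}")
```
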

madhumita-bharde commented 12 months ago

@ssandona @varunrao Just trying this out (and CF stack deployment went through perfectly fine..) so maybe a very dumb question, but is trino-cli usable as any user?

(From EMR Primary)

# klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)

I was trying stuff out from here, but it didn't help: https://github.com/aws-samples/aws-emr-apache-ranger/blob/e75f25dcde5b40a71717a9ca948df88acebf08bf/aws_emr_blog_v3/scripts/emr-steps/presto-cli-kerberos_fix.sh

Hue UI is complaining of "LDAP server Error: Can't contact LDAP server" even though the LDAP server seems perfectly healthy.

I just need to get to trino somehow, to create some tables..

madhumita-bharde commented 11 months ago

For anybody who faces #1, this helped:

kinit -kt /etc/trino.keytab  trino/$(hostname -f)@EC2.INTERNAL