Password Authenticator

Presto supports authentication with a username and password via a custom password authenticator that validates the credentials and creates a principal.


PasswordAuthenticatorFactory is responsible for creating a PasswordAuthenticator instance. It also defines the name of this authenticator which is used by the administrator in a Presto configuration.

PasswordAuthenticator contains a single method, createAuthenticatedPrincipal(), that validates the credential and returns a Principal, which is then authorized by the System Access Control.

The implementation of PasswordAuthenticatorFactory must be wrapped as a plugin and installed on the Presto cluster.


After a plugin that implements PasswordAuthenticatorFactory has been installed on the coordinator, it is configured using an etc/ file. All of the properties other than are specific to the PasswordAuthenticatorFactory implementation.

The property is used by Presto to find a registered PasswordAuthenticatorFactory based on the name returned by PasswordAuthenticatorFactory.getName(). The remaining properties are passed as a map to PasswordAuthenticatorFactory.create().

Example configuration file:

Additionally, the coordinator must be configured to use password authentication and have HTTPS enabled.