hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikhail Antonov <>
Subject User impersonation when accessing kerberized Hive/Hadoop installation from Beeline
Date Fri, 16 Aug 2013 20:05:37 GMT
I'm trying to access hiveserver2 with kerberos enabled (hive 10, cdh 4.2.1,
local metastore) from the beeline tool, but seeing some unexpected (to me)

 - when entering the command in Beeline like "!connect
jdbc:hive2://host:port/default;<hive principal>" I'm asked to enter
username and password, but whatever fake values I provide, I can still log
 - once I'm logged in, I can execute 'show databases;' and successfully see
the list of all databases from the metastore; but when I try to create one,
I'm getting error from the Hadoop layer, saying the user "hive" can't write
to specific location in HDFS. 'hive' in my configuration is the user who
runs the hiveserver2 and also user who runs beeline program, but entered
username in Beeline !connect command is, say, 'user1', so in the Hadoop
logs I expect to see something like "user1-via-hive' proxying, but that's
not what happens. That behavior seems to not depend on the
hive.server2.enable.impersonation or hive.server2.enable.doAs config param

Anyone has any thoughts?


View raw message