hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Savant, Keshav" <Keshav.C.Sav...@fisglobal.com>
Subject RE: Kerberized Hive | Remote Access using Keytab
Date Tue, 22 Apr 2014 11:39:44 GMT
Hi All,

Can someone provide some information on below problem?

Kind Regards,
Keshav C Savant

From: Savant, Keshav [mailto:Keshav.C.Savant@fisglobal.com]
Sent: Friday, April 18, 2014 3:52 PM
To: user@hive.apache.org
Subject: Kerberized Hive | Remote Access using Keytab

Hi All,

I have successfully Kerberized the CDH5 & Hive. Now I can do a kinit & then issue
hive queries.

Next I wanted to access hive remotely from standalone java client using keytab file so that
kinit (or credential prompt) can be avoided.

I have written a java code with following lines (based on input from cdh-user google group<https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/a/cloudera.org/forum/%23%21topic/cdh-user/S7nPFx0w90U&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=n8%2FsNJ1paZ2bqAHakATIk84Ym2qkN8Z0Oh2DW2luaMQ%3D%0A&m=5bmaY2O6gxvhGmAlWv5Rm1CE0ohlHdXuWX97e3K5SX4%3D%0A&s=f8d620a00927b0d175986961186dd09268d50bd540d4340e74c68f8ba0a2cc53>)
to solve the above problem, but after that I am getting GSS initiate failed exception.

Configuration conf = new Configuration();
conf.addResource(new java.io.FileInputStream("/installer/hive_jdbc/core-site.xml")); //file
placed at this path
SecurityUtil.login(conf,"/path/to/my/keytab/file/user.keytab", "user@domain");

I have also posted the same problem on this<https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/a/cloudera.org/forum/%23%21topic/cdh-user/S7nPFx0w90U&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=n8%2FsNJ1paZ2bqAHakATIk84Ym2qkN8Z0Oh2DW2luaMQ%3D%0A&m=5bmaY2O6gxvhGmAlWv5Rm1CE0ohlHdXuWX97e3K5SX4%3D%0A&s=f8d620a00927b0d175986961186dd09268d50bd540d4340e74c68f8ba0a2cc53>
URL, sample code & logs are posted here.

As per the apache hive wiki on this<https://urldefense.proofpoint.com/v1/url?u=https://cwiki.apache.org/confluence/display/Hive/HiveServer2%26%2343%3BClients%23HiveServer2Clients-JDBCClientSetupforaSecureCluster&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=n8%2FsNJ1paZ2bqAHakATIk84Ym2qkN8Z0Oh2DW2luaMQ%3D%0A&m=5bmaY2O6gxvhGmAlWv5Rm1CE0ohlHdXuWX97e3K5SX4%3D%0A&s=eba097fe03762745b0271351811bc5ce726f5d5cc4dcb5e6137f6eb67cdff4b7>
page, a valid ticket needs to be there in ticket cache for hitting a kerberized hive. Can
I bypass this & use a keytab for hitting kerberized hive from a standalone java program?

Kindly provide some input/pointers/examples to solve this.

Kind regards,
Keshav C Savant
_____________
The information contained in this message is proprietary and/or confidential. If you are not
the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose,
distribute or use the message in any manner; and (iii) notify the sender immediately. In addition,
please be aware that any message addressed to our domain is subject to archiving and review
by persons other than the intended recipient. Thank you.

_____________
The information contained in this message is proprietary and/or confidential. If you are not
the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose,
distribute or use the message in any manner; and (iii) notify the sender immediately. In addition,
please be aware that any message addressed to our domain is subject to archiving and review
by persons other than the intended recipient. Thank you.

Mime
View raw message