Return-Path: X-Original-To: apmail-hive-user-archive@www.apache.org Delivered-To: apmail-hive-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C6AFB11D19 for ; Tue, 22 Apr 2014 11:40:19 +0000 (UTC) Received: (qmail 24626 invoked by uid 500); 22 Apr 2014 11:40:16 -0000 Delivered-To: apmail-hive-user-archive@hive.apache.org Received: (qmail 24302 invoked by uid 500); 22 Apr 2014 11:40:15 -0000 Mailing-List: contact user-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@hive.apache.org Delivered-To: mailing list user@hive.apache.org Received: (qmail 24294 invoked by uid 99); 22 Apr 2014 11:40:15 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Apr 2014 11:40:15 +0000 X-ASF-Spam-Status: No, hits=-0.1 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of Keshav.C.Savant@fisglobal.com designates 199.200.24.190 as permitted sender) Received: from [199.200.24.190] (HELO mx1.fisglobal.com) (199.200.24.190) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Apr 2014 11:40:09 +0000 Received: from smtp.fisglobal.com ([10.132.206.16]) by ltcfislmsgpa05.fnfis.com (8.14.5/8.14.5) with ESMTP id s3MBdjDx025885 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Tue, 22 Apr 2014 06:39:45 -0500 Received: from LTCFISWMSGMB11.FNFIS.com ([169.254.1.124]) by LTCFISWMSGHT05.FNFIS.com ([10.132.206.16]) with mapi id 14.03.0174.001; Tue, 22 Apr 2014 06:39:44 -0500 From: "Savant, Keshav" To: "user@hive.apache.org" Subject: RE: Kerberized Hive | Remote Access using Keytab Thread-Topic: Kerberized Hive | Remote Access using Keytab Thread-Index: Ac9a7+SIg1K4sZMTQpCRRHBVEaJNrADL2OTw Date: Tue, 22 Apr 2014 11:39:44 +0000 Deferred-Delivery: Tue, 22 Apr 2014 11:39:00 +0000 Message-ID: <79EDD5D125BEE94B930CFEAB3A2E37872A58A3B7@LTCFISWMSGMB11.FNFIS.com> References: <79EDD5D125BEE94B930CFEAB3A2E37872A5890F1@LTCFISWMSGMB11.FNFIS.com> In-Reply-To: <79EDD5D125BEE94B930CFEAB3A2E37872A5890F1@LTCFISWMSGMB11.FNFIS.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.132.253.126] Content-Type: multipart/alternative; boundary="_000_79EDD5D125BEE94B930CFEAB3A2E37872A58A3B7LTCFISWMSGMB11F_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.96,1.0.14,0.0.0000 definitions=2014-04-22_04:2014-04-22,2014-04-22,1970-01-01 signatures=0 X-Virus-Checked: Checked by ClamAV on apache.org --_000_79EDD5D125BEE94B930CFEAB3A2E37872A58A3B7LTCFISWMSGMB11F_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi All, Can someone provide some information on below problem? Kind Regards, Keshav C Savant From: Savant, Keshav [mailto:Keshav.C.Savant@fisglobal.com] Sent: Friday, April 18, 2014 3:52 PM To: user@hive.apache.org Subject: Kerberized Hive | Remote Access using Keytab Hi All, I have successfully Kerberized the CDH5 & Hive. Now I can do a kinit & then= issue hive queries. Next I wanted to access hive remotely from standalone java client using key= tab file so that kinit (or credential prompt) can be avoided. I have written a java code with following lines (based on input from cdh-us= er google group) to solve the = above problem, but after that I am getting GSS initiate failed exception. Configuration conf =3D new Configuration(); conf.addResource(new java.io.FileInputStream("/installer/hive_jdbc/core-sit= e.xml")); //file placed at this path SecurityUtil.login(conf,"/path/to/my/keytab/file/user.keytab", "user@domain= "); I have also posted the same problem on this URL, sample code & logs are posted here. As per the apache hive wiki on this page, a valid ti= cket needs to be there in ticket cache for hitting a kerberized hive. Can I= bypass this & use a keytab for hitting kerberized hive from a standalone j= ava program? Kindly provide some input/pointers/examples to solve this. Kind regards, Keshav C Savant _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you. _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you. --_000_79EDD5D125BEE94B930CFEAB3A2E37872A58A3B7LTCFISWMSGMB11F_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi All,

 

Can someone provide so= me information on below problem?

 

Kind Regards,

Keshav C Savant

 

From: Savant, = Keshav [mailto:Keshav.C.Savant@fisglobal.com]
Sent: Friday, April 18, 2014 3:52 PM
To: user@hive.apache.org
Subject: Kerberized Hive | Remote Access using Keytab

 

Hi All,

 

I have successfully Kerberized the CDH5 & H= ive. Now I can do a kinit & then issue hive queries.

 

Next I wanted to access hive remotely from standalon= e java client using keytab file so that kinit (or credential prompt) can be= avoided.

 

I have written a java code with following lines (bas= ed on input from cdh-user google group) to solve the above problem, but after that I am = getting GSS initiate failed exception.

 

C= onfiguration conf =3D new Configuration();

c= onf.addResource(new java.io.FileInputStream("/installer/hive_jdbc/core= -site.xml")); //file placed at this path

S= ecurityUtil.login(conf,"/path/to/my/keytab/file/user.keytab", &qu= ot;user@domain");

 

I have also posted the same problem on this URL, sample code & logs are posted here.

 

As per the apache hive wiki on this page, a valid ticket needs to be there in ticket cache for hitting= a kerberized hive. Can I bypass this & use a keytab for hitting kerber= ized hive from a standalone java program?

 

Kindly provide some input/pointers/examples to solve= this.

 

Kind regards,

Keshav C Savant

_____________
The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to ou= r domain is subject to archiving and review by persons other than the inten= ded recipient. Thank you.

_____________
The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you.
--_000_79EDD5D125BEE94B930CFEAB3A2E37872A58A3B7LTCFISWMSGMB11F_--