hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jary Du <jary...@gmail.com>
Subject Re: HiveServer2 & Kerberos
Date Thu, 20 Aug 2015 15:56:02 GMT
My understanding is that it will always ask you user/password even though you don’t need
them. It is just the way how hive is setup. 

> On Aug 20, 2015, at 8:28 AM, Loïc Chanel <loic.chanel@telecomnancy.net> wrote:
> 
> !connect jdbc:hive2://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL <http://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL>
org.apache.hive.jdbc.HiveDriver
> scan complete in 13ms
> Connecting to jdbc:hive2://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL
<http://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL>
> Enter password for jdbc:hive2://192.168.6.210:10000/chaneldb;principal=hive/hiveHost@WESTEROS.WL
<http://192.168.6.210:10000/chaneldb;principal=hive/hiveHost@WESTEROS.WL>:
> 
> And if I press enter everything works perfectly, because I am using Kerberos authentication,
that's actually why I was asking what is Hive asking for, because in my case, it seems that
I shouldn't be asked for a password when connecting.
> 
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
> 
> 2015-08-20 17:06 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
> How does Beeline ask you? What happens if you just press enter?
> 
> 
> 
>> On Aug 20, 2015, at 12:15 AM, Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>
wrote:
>> 
>> Indeed, I don't need the password, but why is Beeline asking me for one ? To what
does it correspond ?
>> 
>> Thanks again,
>> 
>> 
>> Loïc
>> 
>> Loïc CHANEL
>> Engineering student at TELECOM Nancy
>> Trainee at Worldline - Villeurbanne
>> 
>> 2015-08-19 18:22 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
>> Correct me if I am wrong, my understanding is that after using kerberos authentication,
you probably don’t need the password.
>> 
>> Hope it helps
>> 
>> Thanks,
>> Jary
>> 
>> 
>>> On Aug 19, 2015, at 9:09 AM, Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>
wrote:
>>> 
>>> By the way, thanks a lot for your help, because your solution works, but I'm
still interested in knowing what is the password I did not enter.
>>> 
>>> Thanks again,
>>> 
>>> 
>>> Loïc
>>> 
>>> Loïc CHANEL
>>> Engineering student at TELECOM Nancy
>>> Trainee at Worldline - Villeurbanne
>>> 
>>> 2015-08-19 18:07 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>:
>>> All right, but then, what is the password hive asks for ? Hive's one ? How do
I know its value ?
>>> 
>>> Loïc CHANEL
>>> Engineering student at TELECOM Nancy
>>> Trainee at Worldline - Villeurbanne
>>> 
>>> 2015-08-19 17:51 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
>>> For Beeline connection string, it should be "!connect jdbc:hive2://<host>:<port>/<db>;principal=<Server_Principal_of_HiveServer2>”.
Please make sure it is the hive’s principal, not the user’s. And when you kinit, it should
be kinit user’s keytab, not the hive’s keytab. 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On Aug 19, 2015, at 8:46 AM, Loïc Chanel <loic.chanel@telecomnancy.net
<mailto:loic.chanel@telecomnancy.net>> wrote:
>>>> 
>>>> Yeah, I forgot to mention it, but each time I did a kinit user/hive before
launching beeline, as I read somewhere that Beeline does not handle Kerberos connection.
>>>> 
>>>> So, as I can make klist before launching beeline and having a good result,
the problem does not come from this. Thanks a lot for your response though.
>>>> Do you have another idea ?
>>>> 
>>>> Loïc CHANEL
>>>> Engineering student at TELECOM Nancy
>>>> Trainee at Worldline - Villeurbanne
>>>> 
>>>> 2015-08-19 17:42 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
>>>> "The Beeline client must have a valid Kerberos ticket in the ticket cache
before attempting to connect." (http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html
<http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html>)
>>>> 
>>>> So you need kinit first to have the valid Kerberos ticket int the ticket
cache before using beeline to connect to HS2. 
>>>> 
>>>> Jary
>>>> 
>>>>> On Aug 19, 2015, at 8:36 AM, Loïc Chanel <loic.chanel@telecomnancy.net
<mailto:loic.chanel@telecomnancy.net>> wrote:
>>>>> 
>>>>> Hi again,
>>>>> 
>>>>> As I searched another way to make some requests with Kerberos enabled
for security on HiveServer, I found that this request should do the same :
>>>>> !connect jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL
<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL> org.apache.hive.jdbc.HiveDriver
>>>>> But now I've got another error :
>>>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL
<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL>: Peer indicated
failure: GSS initiate failed (state=08S01,code=0)
>>>>> 
>>>>> As I saw that it was maybe a simple Kerberos ticket related problem,
I tried to re-generate Kerberos keytabs, and to ensure that Hive has the path to access to
its keytab, but nothing changed.
>>>>> 
>>>>> Does anyone has an idea about how to solve this issue ?
>>>>> 
>>>>> Thanks in advance for your help :)
>>>>> 
>>>>> 
>>>>> Loïc
>>>>> 
>>>>> Loïc CHANEL
>>>>> Engineering student at TELECOM Nancy
>>>>> Trainee at Worldline - Villeurbanne
>>>>> 
>>>>> 2015-08-19 12:01 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net
<mailto:loic.chanel@telecomnancy.net>>:
>>>>> Hi all,
>>>>> 
>>>>> I have a little issue with HiveServer2 since I have enabled Kerberos.
I'm unable to connect to the service via Beeline. When doing 
>>>>> !connect jdbc:hive2://192.168.6.210:10000 <http://192.168.6.210:10000/>
hive hive org.apache.hive.jdbc.HiveDriver
>>>>> I keep receiving the same error :
>>>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000
<http://192.168.6.210:10000/>: Peer indicated failure: Unsupported mechanism type PLAIN
(state=08S01,code=0)
>>>>> 
>>>>> Does anyone had the same problem ? Or know how to solve it ?
>>>>> Thanks in advance,
>>>>> 
>>>>> 
>>>>> Loïc
>>>>> 
>>>>> Loïc CHANEL
>>>>> Engineering student at TELECOM Nancy
>>>>> Trainee at Worldline - Villeurbanne
>>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 
> 


Mime
View raw message