hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Loïc Chanel <loic.cha...@telecomnancy.net>
Subject Re: HiveServer2 & Kerberos
Date Tue, 25 Aug 2015 07:23:40 GMT
It is the case.
Would you like me to fill a JIRA about it ?

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-08-24 19:24 GMT+02:00 Sergey Shelukhin <sergey@hortonworks.com>:

> If that is the case it sounds like a bug…
>
> From: Jary Du <jary.du@gmail.com>
> Reply-To: "user@hive.apache.org" <user@hive.apache.org>
> Date: Thursday, August 20, 2015 at 08:56
> To: "user@hive.apache.org" <user@hive.apache.org>
> Subject: Re: HiveServer2 & Kerberos
>
> My understanding is that it will always ask you user/password even though
> you don’t need them. It is just the way how hive is setup.
>
> On Aug 20, 2015, at 8:28 AM, Loïc Chanel <loic.chanel@telecomnancy.net>
> wrote:
>
> !connect jdbc:hive2://
> 192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL
> org.apache.hive.jdbc.HiveDriver
> scan complete in 13ms
> Connecting to jdbc:hive2://
> 192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL
> Enter password for jdbc:hive2://
> 192.168.6.210:10000/chaneldb;principal=hive/hiveHost@WESTEROS.WL:
>
> And if I press enter everything works perfectly, because I am using
> Kerberos authentication, that's actually why I was asking what is Hive
> asking for, because in my case, it seems that I shouldn't be asked for a
> password when connecting.
>
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
>
> 2015-08-20 17:06 GMT+02:00 Jary Du <jary.du@gmail.com>:
>
>> How does Beeline ask you? What happens if you just press enter?
>>
>>
>>
>> On Aug 20, 2015, at 12:15 AM, Loïc Chanel <loic.chanel@telecomnancy.net>
>> wrote:
>>
>> Indeed, I don't need the password, but why is Beeline asking me for one ?
>> To what does it correspond ?
>>
>> Thanks again,
>>
>>
>> Loïc
>>
>> Loïc CHANEL
>> Engineering student at TELECOM Nancy
>> Trainee at Worldline - Villeurbanne
>>
>> 2015-08-19 18:22 GMT+02:00 Jary Du <jary.du@gmail.com>:
>>
>>> Correct me if I am wrong, my understanding is that after using kerberos
>>> authentication, you probably don’t need the password.
>>>
>>> Hope it helps
>>>
>>> Thanks,
>>> Jary
>>>
>>>
>>> On Aug 19, 2015, at 9:09 AM, Loïc Chanel <loic.chanel@telecomnancy.net>
>>> wrote:
>>>
>>> By the way, thanks a lot for your help, because your solution works, but
>>> I'm still interested in knowing what is the password I did not enter.
>>>
>>> Thanks again,
>>>
>>>
>>> Loïc
>>>
>>> Loïc CHANEL
>>> Engineering student at TELECOM Nancy
>>> Trainee at Worldline - Villeurbanne
>>>
>>> 2015-08-19 18:07 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net>:
>>>
>>>> All right, but then, what is the password hive asks for ? Hive's one ?
>>>> How do I know its value ?
>>>>
>>>> Loïc CHANEL
>>>> Engineering student at TELECOM Nancy
>>>> Trainee at Worldline - Villeurbanne
>>>>
>>>> 2015-08-19 17:51 GMT+02:00 Jary Du <jary.du@gmail.com>:
>>>>
>>>>> For Beeline connection string, it should be "!connect
>>>>> jdbc:hive2://<host>:<port>/<db>;principal=<Server_Principal_of_HiveServer2>”.
Please
>>>>> make sure it is the hive’s principal, not the user’s. And when you
kinit,
>>>>> it should be kinit user’s keytab, not the hive’s keytab.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Aug 19, 2015, at 8:46 AM, Loïc Chanel <loic.chanel@telecomnancy.net>
>>>>> wrote:
>>>>>
>>>>> Yeah, I forgot to mention it, but each time I did a kinit user/hive
>>>>> before launching beeline, as I read somewhere that Beeline does not handle
>>>>> Kerberos connection.
>>>>>
>>>>> So, as I can make klist before launching beeline and having a good
>>>>> result, the problem does not come from this. Thanks a lot for your response
>>>>> though.
>>>>> Do you have another idea ?
>>>>>
>>>>> Loïc CHANEL
>>>>> Engineering student at TELECOM Nancy
>>>>> Trainee at Worldline - Villeurbanne
>>>>>
>>>>> 2015-08-19 17:42 GMT+02:00 Jary Du <jary.du@gmail.com>:
>>>>>
>>>>>> "The Beeline client must have a valid Kerberos ticket in the ticket
>>>>>> cache before attempting to connect." (
>>>>>> http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html
>>>>>> )
>>>>>>
>>>>>> So you need kinit first to have the valid Kerberos ticket int the
>>>>>> ticket cache before using beeline to connect to HS2.
>>>>>>
>>>>>> Jary
>>>>>>
>>>>>> On Aug 19, 2015, at 8:36 AM, Loïc Chanel <
>>>>>> loic.chanel@telecomnancy.net> wrote:
>>>>>>
>>>>>> Hi again,
>>>>>>
>>>>>> As I searched another way to make some requests with Kerberos enabled
>>>>>> for security on HiveServer, I found that this request should do the
same :
>>>>>> !connect jdbc:hive2://
>>>>>> 192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL
>>>>>> org.apache.hive.jdbc.HiveDriver
>>>>>> But now I've got another error :
>>>>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://
>>>>>> 192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL: Peer
>>>>>> indicated failure: GSS initiate failed (state=08S01,code=0)
>>>>>>
>>>>>> As I saw that it was maybe a simple Kerberos ticket related problem,
>>>>>> I tried to re-generate Kerberos keytabs, and to ensure that Hive
has the
>>>>>> path to access to its keytab, but nothing changed.
>>>>>>
>>>>>> Does anyone has an idea about how to solve this issue ?
>>>>>>
>>>>>> Thanks in advance for your help :)
>>>>>>
>>>>>>
>>>>>> Loïc
>>>>>>
>>>>>> Loïc CHANEL
>>>>>> Engineering student at TELECOM Nancy
>>>>>> Trainee at Worldline - Villeurbanne
>>>>>>
>>>>>> 2015-08-19 12:01 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net>
>>>>>> :
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I have a little issue with HiveServer2 since I have enabled
>>>>>>> Kerberos. I'm unable to connect to the service via Beeline. When
doing
>>>>>>> !connect jdbc:hive2://192.168.6.210:10000 hive hive
>>>>>>> org.apache.hive.jdbc.HiveDriver
>>>>>>> I keep receiving the same error :
>>>>>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://
>>>>>>> 192.168.6.210:10000: Peer indicated failure: Unsupported mechanism
>>>>>>> type PLAIN (state=08S01,code=0)
>>>>>>>
>>>>>>> Does anyone had the same problem ? Or know how to solve it ?
>>>>>>> Thanks in advance,
>>>>>>>
>>>>>>>
>>>>>>> Loïc
>>>>>>>
>>>>>>> Loïc CHANEL
>>>>>>> Engineering student at TELECOM Nancy
>>>>>>> Trainee at Worldline - Villeurbanne
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>
>

Mime
View raw message