hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jary Du <jary...@gmail.com>
Subject Re: HiveServer2 & Kerberos
Date Wed, 19 Aug 2015 16:22:12 GMT
Correct me if I am wrong, my understanding is that after using kerberos authentication, you
probably don’t need the password.

Hope it helps

Thanks,
Jary


> On Aug 19, 2015, at 9:09 AM, Loïc Chanel <loic.chanel@telecomnancy.net> wrote:
> 
> By the way, thanks a lot for your help, because your solution works, but I'm still interested
in knowing what is the password I did not enter.
> 
> Thanks again,
> 
> 
> Loïc
> 
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
> 
> 2015-08-19 18:07 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>:
> All right, but then, what is the password hive asks for ? Hive's one ? How do I know
its value ?
> 
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
> 
> 2015-08-19 17:51 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
> For Beeline connection string, it should be "!connect jdbc:hive2://<host>:<port>/<db>;principal=<Server_Principal_of_HiveServer2>”.
Please make sure it is the hive’s principal, not the user’s. And when you kinit, it should
be kinit user’s keytab, not the hive’s keytab. 
> 
> 
> 
> 
> 
>> On Aug 19, 2015, at 8:46 AM, Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>
wrote:
>> 
>> Yeah, I forgot to mention it, but each time I did a kinit user/hive before launching
beeline, as I read somewhere that Beeline does not handle Kerberos connection.
>> 
>> So, as I can make klist before launching beeline and having a good result, the problem
does not come from this. Thanks a lot for your response though.
>> Do you have another idea ?
>> 
>> Loïc CHANEL
>> Engineering student at TELECOM Nancy
>> Trainee at Worldline - Villeurbanne
>> 
>> 2015-08-19 17:42 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
>> "The Beeline client must have a valid Kerberos ticket in the ticket cache before
attempting to connect." (http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html
<http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html>)
>> 
>> So you need kinit first to have the valid Kerberos ticket int the ticket cache before
using beeline to connect to HS2. 
>> 
>> Jary
>> 
>>> On Aug 19, 2015, at 8:36 AM, Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>
wrote:
>>> 
>>> Hi again,
>>> 
>>> As I searched another way to make some requests with Kerberos enabled for security
on HiveServer, I found that this request should do the same :
>>> !connect jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL
<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL> org.apache.hive.jdbc.HiveDriver
>>> But now I've got another error :
>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL
<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL>: Peer indicated
failure: GSS initiate failed (state=08S01,code=0)
>>> 
>>> As I saw that it was maybe a simple Kerberos ticket related problem, I tried
to re-generate Kerberos keytabs, and to ensure that Hive has the path to access to its keytab,
but nothing changed.
>>> 
>>> Does anyone has an idea about how to solve this issue ?
>>> 
>>> Thanks in advance for your help :)
>>> 
>>> 
>>> Loïc
>>> 
>>> Loïc CHANEL
>>> Engineering student at TELECOM Nancy
>>> Trainee at Worldline - Villeurbanne
>>> 
>>> 2015-08-19 12:01 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>:
>>> Hi all,
>>> 
>>> I have a little issue with HiveServer2 since I have enabled Kerberos. I'm unable
to connect to the service via Beeline. When doing 
>>> !connect jdbc:hive2://192.168.6.210:10000 <http://192.168.6.210:10000/>
hive hive org.apache.hive.jdbc.HiveDriver
>>> I keep receiving the same error :
>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000
<http://192.168.6.210:10000/>: Peer indicated failure: Unsupported mechanism type PLAIN
(state=08S01,code=0)
>>> 
>>> Does anyone had the same problem ? Or know how to solve it ?
>>> Thanks in advance,
>>> 
>>> 
>>> Loïc
>>> 
>>> Loïc CHANEL
>>> Engineering student at TELECOM Nancy
>>> Trainee at Worldline - Villeurbanne
>>> 
>> 
>> 
> 
> 
> 


Mime
View raw message