hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Shelukhin <ser...@hortonworks.com>
Subject Re: HiveServer2 & Kerberos
Date Mon, 24 Aug 2015 17:24:57 GMT
If that is the case it sounds like a bug…

From: Jary Du <jary.du@gmail.com<mailto:jary.du@gmail.com>>
Reply-To: "user@hive.apache.org<mailto:user@hive.apache.org>" <user@hive.apache.org<mailto:user@hive.apache.org>>
Date: Thursday, August 20, 2015 at 08:56
To: "user@hive.apache.org<mailto:user@hive.apache.org>" <user@hive.apache.org<mailto:user@hive.apache.org>>
Subject: Re: HiveServer2 & Kerberos

My understanding is that it will always ask you user/password even though you don’t need
them. It is just the way how hive is setup.

On Aug 20, 2015, at 8:28 AM, Loïc Chanel <loic.chanel@telecomnancy.net<mailto:loic.chanel@telecomnancy.net>>
wrote:

!connect jdbc:hive2://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL<http://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL>
org.apache.hive.jdbc.HiveDriver
scan complete in 13ms
Connecting to jdbc:hive2://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL<http://192.168.6.210:10000/db;principal=hive/hiveHost@WESTEROS.WL>
Enter password for jdbc:hive2://192.168.6.210:10000/chaneldb;principal=hive/hiveHost@WESTEROS.WL<http://192.168.6.210:10000/chaneldb;principal=hive/hiveHost@WESTEROS.WL>:

And if I press enter everything works perfectly, because I am using Kerberos authentication,
that's actually why I was asking what is Hive asking for, because in my case, it seems that
I shouldn't be asked for a password when connecting.

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-08-20 17:06 GMT+02:00 Jary Du <jary.du@gmail.com<mailto:jary.du@gmail.com>>:
How does Beeline ask you? What happens if you just press enter?



On Aug 20, 2015, at 12:15 AM, Loïc Chanel <loic.chanel@telecomnancy.net<mailto:loic.chanel@telecomnancy.net>>
wrote:

Indeed, I don't need the password, but why is Beeline asking me for one ? To what does it
correspond ?

Thanks again,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-08-19 18:22 GMT+02:00 Jary Du <jary.du@gmail.com<mailto:jary.du@gmail.com>>:
Correct me if I am wrong, my understanding is that after using kerberos authentication, you
probably don’t need the password.

Hope it helps

Thanks,
Jary


On Aug 19, 2015, at 9:09 AM, Loïc Chanel <loic.chanel@telecomnancy.net<mailto:loic.chanel@telecomnancy.net>>
wrote:

By the way, thanks a lot for your help, because your solution works, but I'm still interested
in knowing what is the password I did not enter.

Thanks again,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-08-19 18:07 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net<mailto:loic.chanel@telecomnancy.net>>:
All right, but then, what is the password hive asks for ? Hive's one ? How do I know its value
?

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-08-19 17:51 GMT+02:00 Jary Du <jary.du@gmail.com<mailto:jary.du@gmail.com>>:
For Beeline connection string, it should be "!connect jdbc:hive2://<host>:<port>/<db>;principal=<Server_Principal_of_HiveServer2>”.
Please make sure it is the hive’s principal, not the user’s. And when you kinit, it should
be kinit user’s keytab, not the hive’s keytab.





On Aug 19, 2015, at 8:46 AM, Loïc Chanel <loic.chanel@telecomnancy.net<mailto:loic.chanel@telecomnancy.net>>
wrote:

Yeah, I forgot to mention it, but each time I did a kinit user/hive before launching beeline,
as I read somewhere that Beeline does not handle Kerberos connection.

So, as I can make klist before launching beeline and having a good result, the problem does
not come from this. Thanks a lot for your response though.
Do you have another idea ?

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-08-19 17:42 GMT+02:00 Jary Du <jary.du@gmail.com<mailto:jary.du@gmail.com>>:
"The Beeline client must have a valid Kerberos ticket in the ticket cache before attempting
to connect." (http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html)

So you need kinit first to have the valid Kerberos ticket int the ticket cache before using
beeline to connect to HS2.

Jary

On Aug 19, 2015, at 8:36 AM, Loïc Chanel <loic.chanel@telecomnancy.net<mailto:loic.chanel@telecomnancy.net>>
wrote:

Hi again,

As I searched another way to make some requests with Kerberos enabled for security on HiveServer,
I found that this request should do the same :
!connect jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL>
org.apache.hive.jdbc.HiveDriver
But now I've got another error :
Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL>:
Peer indicated failure: GSS initiate failed (state=08S01,code=0)

As I saw that it was maybe a simple Kerberos ticket related problem, I tried to re-generate
Kerberos keytabs, and to ensure that Hive has the path to access to its keytab, but nothing
changed.

Does anyone has an idea about how to solve this issue ?

Thanks in advance for your help :)


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne

2015-08-19 12:01 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net<mailto:loic.chanel@telecomnancy.net>>:
Hi all,

I have a little issue with HiveServer2 since I have enabled Kerberos. I'm unable to connect
to the service via Beeline. When doing
!connect jdbc:hive2://192.168.6.210:10000<http://192.168.6.210:10000/> hive hive org.apache.hive.jdbc.HiveDriver
I keep receiving the same error :
Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000<http://192.168.6.210:10000/>:
Peer indicated failure: Unsupported mechanism type PLAIN (state=08S01,code=0)

Does anyone had the same problem ? Or know how to solve it ?
Thanks in advance,


Loïc

Loïc CHANEL
Engineering student at TELECOM Nancy
Trainee at Worldline - Villeurbanne











Mime
View raw message