hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jary Du <jary...@gmail.com>
Subject Re: HiveServer2 & Kerberos
Date Thu, 20 Aug 2015 15:06:29 GMT
How does Beeline ask you? What happens if you just press enter?



> On Aug 20, 2015, at 12:15 AM, Loïc Chanel <loic.chanel@telecomnancy.net> wrote:
> 
> Indeed, I don't need the password, but why is Beeline asking me for one ? To what does
it correspond ?
> 
> Thanks again,
> 
> 
> Loïc
> 
> Loïc CHANEL
> Engineering student at TELECOM Nancy
> Trainee at Worldline - Villeurbanne
> 
> 2015-08-19 18:22 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
> Correct me if I am wrong, my understanding is that after using kerberos authentication,
you probably don’t need the password.
> 
> Hope it helps
> 
> Thanks,
> Jary
> 
> 
>> On Aug 19, 2015, at 9:09 AM, Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>
wrote:
>> 
>> By the way, thanks a lot for your help, because your solution works, but I'm still
interested in knowing what is the password I did not enter.
>> 
>> Thanks again,
>> 
>> 
>> Loïc
>> 
>> Loïc CHANEL
>> Engineering student at TELECOM Nancy
>> Trainee at Worldline - Villeurbanne
>> 
>> 2015-08-19 18:07 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>:
>> All right, but then, what is the password hive asks for ? Hive's one ? How do I know
its value ?
>> 
>> Loïc CHANEL
>> Engineering student at TELECOM Nancy
>> Trainee at Worldline - Villeurbanne
>> 
>> 2015-08-19 17:51 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
>> For Beeline connection string, it should be "!connect jdbc:hive2://<host>:<port>/<db>;principal=<Server_Principal_of_HiveServer2>”.
Please make sure it is the hive’s principal, not the user’s. And when you kinit, it should
be kinit user’s keytab, not the hive’s keytab. 
>> 
>> 
>> 
>> 
>> 
>>> On Aug 19, 2015, at 8:46 AM, Loïc Chanel <loic.chanel@telecomnancy.net <mailto:loic.chanel@telecomnancy.net>>
wrote:
>>> 
>>> Yeah, I forgot to mention it, but each time I did a kinit user/hive before launching
beeline, as I read somewhere that Beeline does not handle Kerberos connection.
>>> 
>>> So, as I can make klist before launching beeline and having a good result, the
problem does not come from this. Thanks a lot for your response though.
>>> Do you have another idea ?
>>> 
>>> Loïc CHANEL
>>> Engineering student at TELECOM Nancy
>>> Trainee at Worldline - Villeurbanne
>>> 
>>> 2015-08-19 17:42 GMT+02:00 Jary Du <jary.du@gmail.com <mailto:jary.du@gmail.com>>:
>>> "The Beeline client must have a valid Kerberos ticket in the ticket cache before
attempting to connect." (http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html
<http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.1.3/bk_dataintegration/content/ch_using-hive-clients-examples.html>)
>>> 
>>> So you need kinit first to have the valid Kerberos ticket int the ticket cache
before using beeline to connect to HS2. 
>>> 
>>> Jary
>>> 
>>>> On Aug 19, 2015, at 8:36 AM, Loïc Chanel <loic.chanel@telecomnancy.net
<mailto:loic.chanel@telecomnancy.net>> wrote:
>>>> 
>>>> Hi again,
>>>> 
>>>> As I searched another way to make some requests with Kerberos enabled for
security on HiveServer, I found that this request should do the same :
>>>> !connect jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL
<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL> org.apache.hive.jdbc.HiveDriver
>>>> But now I've got another error :
>>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL
<http://192.168.6.210:10000/default;principal=user/hive@WESTEROS.WL>: Peer indicated
failure: GSS initiate failed (state=08S01,code=0)
>>>> 
>>>> As I saw that it was maybe a simple Kerberos ticket related problem, I tried
to re-generate Kerberos keytabs, and to ensure that Hive has the path to access to its keytab,
but nothing changed.
>>>> 
>>>> Does anyone has an idea about how to solve this issue ?
>>>> 
>>>> Thanks in advance for your help :)
>>>> 
>>>> 
>>>> Loïc
>>>> 
>>>> Loïc CHANEL
>>>> Engineering student at TELECOM Nancy
>>>> Trainee at Worldline - Villeurbanne
>>>> 
>>>> 2015-08-19 12:01 GMT+02:00 Loïc Chanel <loic.chanel@telecomnancy.net
<mailto:loic.chanel@telecomnancy.net>>:
>>>> Hi all,
>>>> 
>>>> I have a little issue with HiveServer2 since I have enabled Kerberos. I'm
unable to connect to the service via Beeline. When doing 
>>>> !connect jdbc:hive2://192.168.6.210:10000 <http://192.168.6.210:10000/>
hive hive org.apache.hive.jdbc.HiveDriver
>>>> I keep receiving the same error :
>>>> Error: Could not open client transport with JDBC Uri: jdbc:hive2://192.168.6.210:10000
<http://192.168.6.210:10000/>: Peer indicated failure: Unsupported mechanism type PLAIN
(state=08S01,code=0)
>>>> 
>>>> Does anyone had the same problem ? Or know how to solve it ?
>>>> Thanks in advance,
>>>> 
>>>> 
>>>> Loïc
>>>> 
>>>> Loïc CHANEL
>>>> Engineering student at TELECOM Nancy
>>>> Trainee at Worldline - Villeurbanne
>>>> 
>>> 
>>> 
>> 
>> 
>> 
> 
> 


Mime
View raw message