hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Margus Roo <mar...@roo.ee>
Subject Re: Using Kerberos with a Pre-Authenticated Subject
Date Mon, 19 Sep 2016 07:23:56 GMT
jdbc:hive2://hadoopnn1.estpak.ee:10000/;principal=hive/_HOST@TESTHADOOP.COM;auth=kerberos;kerberosAuthType=fromSubject.

- this works. Added dot at the end of the string.

Margus (margusja) Roo
http://margus.roo.ee
skype: margusja
+372 51 48 780

On 16/09/16 14:38, Margus Roo wrote:
>
> Hive version 1.2.1.2.3
>
> Margus (margusja) Roo
> http://margus.roo.ee
> skype: margusja
> +372 51 48 780
> On 16/09/16 14:31, Margus Roo wrote:
>> Hi
>>
>> I am trying configure Toad for Hadoop SQL part. Kerberos in enabled 
>> in my cluster.
>>
>> I can see that Toad generates JDBC string ending with ...; 
>> auth=kerberos;kerberosAuthType=fromSubject
>>
>> When I testing this string in my beeline:
>>
>> [margroo@hadoopnn1 ~]$ klist
>> Ticket cache: FILE:/tmp/krb5cc_1414255929
>> Default principal: margroo@REALM.COM
>>
>> Valid starting       Expires              Service principal
>> 09/16/2016 14:25:45  09/17/2016 00:25:45 krbtgt/REALM.COM@REALM.COM
>>         renew until 09/23/2016 14:25:39
>>
>> I am getting error:
>>
>> javax.security.sasl.SaslException: GSS initiate failed [Caused by 
>> GSSException: No valid credentials provided (Mechanism level: Failed 
>> to find any Kerberos tgt)]
>>
>>
>> When removing last part then it works:
>>
>> 0: jdbc:hive2://hadoopnn1.example.com:10000/ (closed)> !connect 
>> jdbc:hive2://hadoopnn1.example.com:10000/;principal=hive/_HOST@TESTHADOOP.COM 
>>
>> Connecting to 
>> jdbc:hive2://hadoopnn1.example.com:10000/;principal=hive/_HOST@TESTHADOOP.COM
>> Enter username for 
>> jdbc:hive2://hadoopnn1.example.com:10000/;principal=hive/_HOST@TESTHADOOP.COM:
>> Enter password for 
>> jdbc:hive2://hadoopnn1.example.com:10000/;principal=hive/_HOST@TESTHADOOP.COM:
>> Connected to: Apache Hive (version 1.2.1.2.3.4.0-3485)
>> Driver: Hive JDBC (version 1.2.1.2.3.4.0-3485)
>> Transaction isolation: TRANSACTION_REPEATABLE_READ
>> 1: jdbc:hive2://hadoopnn1.example.com:10000/>
>>
>>
>> The problem is that Toad for Hadoop forcing ... 
>> auth=kerberos;kerberosAuthType=fromSubject
>>
>


Mime
View raw message