You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hive.apache.org by Anilkumar Kalshetti <an...@gmail.com> on 2014/02/06 17:02:27 UTC

Fwd: Coonecting Apache Hive using Kerberos authentication

I want to connect Apache Hive using kerberos authentication.
I've successfully connected PostgreSQL database with kerberos, and followed
similar steps for Apache Hive, but getting exception.
If someone has tried this, Please share the configuration files and steps.

Below are the details:

Connecting to Hiveserver2
Tab1: hadoop all node running, confirmed with jps command
Tab2: hive --service hiveserver2 &
Tab3:
> ./beeline
> !connect jdbc:hive2://192.168.1.78:10000/default ;principal=hive/
pg-server.foobar.com@FOOBAR.COM

Note: After running above command, it prompts for username and password,
[don't give username or password] press enter.


Its showing error message,
Error: Invalid URL: jdbc:hive2://
192.168.1.78:10000/default;principal=hive/pg-server.foobar.com@FOOBAR.COM(state=08S01,code=0)


I have done changes in hive-site.xml, Is there any other file, in which we
need to do changes?
In PostgreSQL database, we add krb5 line in pg_hba.conf, so it will detect
kerberos user.
Is there any file in Hive, where we can mention this krb5 user detail?

Please suggest, where I am getting this wrong?

File: hive-site.xml
========================================================
<?xml version="1.0" encoding="UTF-8"?>

<!--Config-->
<configuration>
<property>
<name>hive.metastore.sasl.enabled</name>
<value>true</value>
<description>If true, the metastore thrift interface will be secured with
SASL. Clients must authenticate with Kerberos.</description>
</property>

<property>
<name>hive.metastore.kerberos.keytab.file</name>
<value>/home/postgres/hive/conf/hive.keytab</value>
<description>The path to the Kerberos Keytab file containing the metastore
thrift server's service principal.</description>
</property>

<property>
<name>hive.metastore.kerberos.principal</name>
<value>hive/pg-server.foobar.com@FOOBAR.COM</value>
<description>The service principal for the metastore thrift server. The
special string _HOST will be replaced automatically with the correct host
name.</description>
</property>
<property>
<name>hive.server2.authentication</name>
<value>KERBEROS</value>
</property>
<property>
<name>hive.server2.authentication.kerberos.principal</name>
<value>hive/pg-server.foobar.com@FOOBAR.COM</value>
</property>
<property>
<name>hive.server2.authentication.kerberos.keytab</name>
<value>/home/postgres/hive/conf/hive.keytab</value>
</property>
</configuration>

===============================================