You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@livy.apache.org by Wing Yew Poon <wy...@cloudera.com> on 2019/10/04 16:56:47 UTC

Re: Kerberos authentication of user in Thrift server

To answer my own question:
I needed to set

livy.server.thrift.authentication=kerberos

on the server side, in order for Kerberos authentication to be used in
the Thrift server.

On Thu, Sep 26, 2019 at 10:30 PM Wing Yew Poon <wy...@cloudera.com> wrote:
>
> Hi,
> I am trying out the Livy 0.6 Thrift server in a secure cluster. My Livy has
>
> livy.server.auth.type=kerberos
> livy.tls.enabled=true
>
> I connect to the Thrift server using the beeline shipped by Hive.
> I use a user that has a Kerberos principal and I am kinit'd as that principal.
> However, Livy doesn't seem to make use of these Kerberos credentials.
> It tries to start the Spark application as "anonymous", which fails on
> my system.
> I had to use "-n <user> -p <arbitrary_password>" in the beeline
> command in order for Livy to run Spark as my user. (The password
> doesn't seem to matter.)
> I am also able to run beeline with "-n <user> -p <arbitrary_password>"
> as any other user without being kinit'd. Thus the Kerberos credentials
> do not seem to be used at all.
> Does the Livy Thrift server not support Kerberos authentication of the user?
> - Wing Yew