You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@hive.apache.org by "Savant, Keshav" <Ke...@fisglobal.com> on 2014/04/18 12:22:09 UTC

Kerberized Hive | Remote Access using Keytab

Hi All,

I have successfully Kerberized the CDH5 & Hive. Now I can do a kinit & then issue hive queries.

Next I wanted to access hive remotely from standalone java client using keytab file so that kinit (or credential prompt) can be avoided.

I have written a java code with following lines (based on input from cdh-user google group<https://groups.google.com/a/cloudera.org/forum/#!topic/cdh-user/S7nPFx0w90U>) to solve the above problem, but after that I am getting GSS initiate failed exception.

Configuration conf = new Configuration();
conf.addResource(new java.io.FileInputStream("/installer/hive_jdbc/core-site.xml")); //file placed at this path
SecurityUtil.login(conf,"/path/to/my/keytab/file/user.keytab", "user@domain");

I have also posted the same problem on this<https://groups.google.com/a/cloudera.org/forum/#!topic/cdh-user/S7nPFx0w90U> URL, sample code & logs are posted here.

As per the apache hive wiki on this<https://cwiki.apache.org/confluence/display/Hive/HiveServer2+Clients#HiveServer2Clients-JDBCClientSetupforaSecureCluster> page, a valid ticket needs to be there in ticket cache for hitting a kerberized hive. Can I bypass this & use a keytab for hitting kerberized hive from a standalone java program?

Kindly provide some input/pointers/examples to solve this.

Kind regards,
Keshav C Savant

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

RE: Kerberized Hive | Remote Access using Keytab

Posted by "Savant, Keshav" <Ke...@fisglobal.com>.

Hi All,

Can someone provide some information on below problem?

Kind Regards,
Keshav C Savant

From: Savant, Keshav [mailto:Keshav.C.Savant@fisglobal.com]
Sent: Friday, April 18, 2014 3:52 PM
To: user@hive.apache.org
Subject: Kerberized Hive | Remote Access using Keytab

Hi All,

I have successfully Kerberized the CDH5 & Hive. Now I can do a kinit & then issue hive queries.

Next I wanted to access hive remotely from standalone java client using keytab file so that kinit (or credential prompt) can be avoided.

I have written a java code with following lines (based on input from cdh-user google group<https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/a/cloudera.org/forum/%23%21topic/cdh-user/S7nPFx0w90U&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=n8%2FsNJ1paZ2bqAHakATIk84Ym2qkN8Z0Oh2DW2luaMQ%3D%0A&m=5bmaY2O6gxvhGmAlWv5Rm1CE0ohlHdXuWX97e3K5SX4%3D%0A&s=f8d620a00927b0d175986961186dd09268d50bd540d4340e74c68f8ba0a2cc53>) to solve the above problem, but after that I am getting GSS initiate failed exception.

Configuration conf = new Configuration();
conf.addResource(new java.io.FileInputStream("/installer/hive_jdbc/core-site.xml")); //file placed at this path
SecurityUtil.login(conf,"/path/to/my/keytab/file/user.keytab", "user@domain");

I have also posted the same problem on this<https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/a/cloudera.org/forum/%23%21topic/cdh-user/S7nPFx0w90U&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=n8%2FsNJ1paZ2bqAHakATIk84Ym2qkN8Z0Oh2DW2luaMQ%3D%0A&m=5bmaY2O6gxvhGmAlWv5Rm1CE0ohlHdXuWX97e3K5SX4%3D%0A&s=f8d620a00927b0d175986961186dd09268d50bd540d4340e74c68f8ba0a2cc53> URL, sample code & logs are posted here.

As per the apache hive wiki on this<https://urldefense.proofpoint.com/v1/url?u=https://cwiki.apache.org/confluence/display/Hive/HiveServer2%26%2343%3BClients%23HiveServer2Clients-JDBCClientSetupforaSecureCluster&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=n8%2FsNJ1paZ2bqAHakATIk84Ym2qkN8Z0Oh2DW2luaMQ%3D%0A&m=5bmaY2O6gxvhGmAlWv5Rm1CE0ohlHdXuWX97e3K5SX4%3D%0A&s=eba097fe03762745b0271351811bc5ce726f5d5cc4dcb5e6137f6eb67cdff4b7> page, a valid ticket needs to be there in ticket cache for hitting a kerberized hive. Can I bypass this & use a keytab for hitting kerberized hive from a standalone java program?

Kindly provide some input/pointers/examples to solve this.

Kind regards,
Keshav C Savant
_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.