I could not resolve the problem.
I have debugged the code and I found out that:
1. On the org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge class line 208
....
UserGroupInformation.getCurrentUser return (). Two (....
..
This method always returns the user of the operative system but and I need
authenticate the user set on the property: hive.server2.proxy.user=yourid
because I have a token for this one.
2. I have found out that the hive.server2.proxy.user is implemented on the
org.apache.hive.jdbc.HiveConnection class method: openSession() but this code
is never executed.
3. On the org.apache.hive.service.auth.HiveAuthFactory class there is this code
on the method getAuthTransFactory():
....
if (authTypeStr.equalsIgnoreCase(AuthTypes.KERBEROS.getAuthName())) {
// no-op
....
It means that Kerberos authentication is not implemented?
Please anyone can help me??
Thanks,
Ricardo.
________________________________
From: Dulam, Naresh <[email protected]>
Sent: Thursday, January 26, 2017 8:41:48 AM
To: [email protected]
Subject: RE: Pls Help me - Hive Kerberos Issue
Kinit yourid -k -t your.keytab [email protected]
# Connect using following JDBC connection string
#
jdbc:hive2://myHost.myOrg.com:10000/default;principal=hive/[email protected];hive.server2.proxy.user=yourid
From: Ricardo Fajardo [mailto:[email protected]]
Sent: Thursday, January 26, 2017 1:37 AM
To: [email protected]
Subject: Pls Help me - Hive Kerberos Issue
Hello,
Please I need your help with the Kerberos authentication with Hive.
I am following this guide:
https://www.cloudera.com/documentation/enterprise/5-4-x/topics/cdh_sg_hiveserver2_security.html#topic_9_1_1
But I am getting this error:
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism
level: Failed to find any Kerberos tgt)
I have a remote Kerberos server and I can generate a token with kinit for my
user. I created a keytab file with my passwd for my user. Please tell me if it
is ok.
On the another hand when I am debugging the hive code the operative system user
is authenticated but I need authenticate my Kerberos user, can you tell me how
I can achieve that? How can I store my tickets where Hive can load it?? or How
can I verify where Hive is searching the tickets and what Hive is reading??
Thanks so much for your help.
Best regards,
Ricardo.
________________________________
This message, and any attachments, is for the intended recipient(s) only, may
contain information that is privileged, confidential and/or proprietary and
subject to important terms and conditions available at
http://www.bankofamerica.com/emaildisclaimer. If you are not the intended
recipient, please delete this message.
