Member since
03-15-2024
5
Posts
5
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
160 | 03-29-2024 10:29 PM |
03-29-2024
10:29 PM
1 Kudo
@Scharan Thanks! I figured out the issue, following properties were not configured in hive-site hive.server2.authentication.spnego.keytab hive.server2.authentication.spnego.principal
... View more
03-18-2024
07:21 AM
3 Kudos
@smruti This is a new setup. I tried regenerating Hive keytab but still no luck.
... View more
03-16-2024
04:46 PM
1 Kudo
@Scharan hive.server2.transport.mode is already set to http.
... View more
03-15-2024
01:16 PM
I have a kerberized hadoop cluster. Installed knox in kubernetes container with its keytab. Configured knox topology with shiro provider and ldap authentication. I'm able to access webhdfs fine with ldap credentials but Hive is failing with HTTP 401 error. Knox is configured with self-signed cert and hive is not configured with SSL. topology.xml -- Configured with shiro provider and ldap info <service> <role>WEBHDFS</role> <url>http://name1_hostname:50070/webhdfs</url> <url>http://name12_hostname:50070/webhdfs</url> </service> <service> <role>HIVE</role> <url>http://<host_name>:10004/cliservice</url> <param> <name>replayBufferSize</name> <value>8</value> </param> </service> Configured hive-site.xml with below configs in HS2 host hive.server2.thrift.http.port = 10004 hive.server2.thrift.http.path = cliservice hive.server2.transport.mode = http hive.server2.allow.user.substitution = true Configured core-site.xml with below configs in Namenode hosts and HS2 host hadoop.proxyuser.knox.groups = * hadoop.proxyuser.knox.hosts = * hadoop.proxyuser.hive.hosts = * hadoop.proxyuser.hive.groups = * Hive beeline string beeline -u "jdbc:hive2://Knox-hostname:8443/;ssl=true;sslTrustStore=/tmp/gateway.jks;trustStorePassword=knoxpass;transportMode=http;httpPath=gateway/default/hive" -n <username> -p<password> ERROR jdbc.HiveConnection: Error opening session org.apache.thrift.transport.TTransportException: HTTP Response code: 401 at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:262) ~[hive-exec-2.3.6.jar:2.3.6] at org.apache.thrift.transport.THttpClient.flush(THttpClient.java:313) ~[hive-exec-2.3.6.jar:2.3.6] In hiveserver2.log 2024-03-15T19:28:32,967 ERROR [HiveServer2-HttpHandler-Pool: Thread-363] thrift.ThriftHttpServlet: Failed to authenticate with hive/_HOST kerberos principal 2024-03-15T19:28:32,967 ERROR [HiveServer2-HttpHandler-Pool: Thread-363] thrift.ThriftHttpServlet: Error: org.apache.hive.service.auth.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:407) ~[hive-service-2.3.6.jar:2.3.6] Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Authorization header received from the client is empty. at org.apache.hive.service.cli.thrift.ThriftHttpServlet.getAuthHeader(ThriftHttpServlet.java:548) ~[hive-service-2.3.6.jar:2.3.6] at org.apache.hive.service.cli.thrift.ThriftHttpServlet.access$100(ThriftHttpServlet.java:74) ~[hive-service-2.3.6.jar:2.3.6] Caused by: org.apache.hive.service.auth.HttpAuthenticationException: Kerberos authentication failed: at org.apache.hive.service.cli.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:463) ~[hive-service-2.3.6.jar:2.3.6] Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:858) ~[?:1.8.0_352] at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) ~[?:1.8.0_352] Am I missing anything? Any help is appreciated and thanks in advance!
... View more
Labels:
- Labels:
-
Apache Hive
-
Apache Knox
03-15-2024
09:39 AM
@mliem : Did you resolve this issue? if so can you please share what was done? I'm facing the same error when connecting to Hive via Knox.
... View more