Reply
Contributor
Posts: 57
Registered: ‎07-05-2018

JDBC TLS client connection in beeline

[ Edited ]

Hello Team,

 

We have TLS kerberos enabled CDH 5.15 cluster and while connecting to hive using beeline jdbc i have to defined TLS client connection details in it, Below snap.

 

!connect jdbc:hive2://localhost:10000/default;ssl=true;\ sslTrustStore=/home/usr1/ssl/trust_store.jks;trustStorePassword=xyz;principal=hive/_host@REALM

Every user who is connecting through beeline have to put above details, We do not want to give TLS connection details to users and beeline should pick it automatically.

 

Is there any way i can add TLS client connection url in hive config?

 

- Vijay M 

Master
Posts: 430
Registered: ‎07-01-2015

Re: JDBC TLS client connection in beeline

You can't hide the truststore password from the user, because the beeline application is running in the user's context, thus it needs to know where the truststore is and what is the password.
But you can try to make it more opaque, create a shell or python script and load the password from environment variable.
Cloudera Employee
Posts: 824
Registered: ‎03-23-2015

Re: JDBC TLS client connection in beeline

Like Tomas' said, TrustStore is a client side setting, so there is nothing wrong by exposing it and won't comprise HS2 in anyway. Every user needs to know his/her password to be able to connect to HS2.

If it is cumbersome to type in all the time, it should be simple enough to alias the beeline command in user's .bashrc file.