Created 08-15-2018 07:55 PM
My cluster is kerberized and I am able to access HIVE through beeline from any of the node inside the cluster. I use the following command to connect :
beeline -u 'jdbc:hive2://<Node Name>:10000/default;principal=hive/<Node Name>@MYCOMPANY.CORP'
What I am trying to do is to connect to HIVE from my laptop(Mac OS).
In my MAC, I did "kinit <myuser name>" and it generated a ticket for me, but I do not know where it is stored or where the cache is present. I have beeline client in my laptop and I tried the same command:
beeline -u 'jdbc:hive2://<Node Name>:10000/default;principal=hive/<Node Name>@MYCOMPANY.CORP'
It kicks me out saying "Can't get Kerberos realm (state=08S01,code=0)"
Has anyone connected to HIVE using beeline using kerberos authentication ?
Thanks
Kumar
Created 08-15-2018 11:02 PM
"Can't get Kerberos realm (state=08S01,code=0)" is the expected errors stack, because your Mac OS doesn't know of the REALM.
You will need to copy the file /etc/krb5.conf from your cluster, this file contains the connection information to your REALM. Please have a look at this Mac OS link it should be of help, unfortunately, I am on Windows.
HTH
Created 08-15-2018 11:29 PM
Hello @Kumar Veerappan!
Looks like you can't reach the REALM.
Check your /etc/krb5.conf, here's my example:
MYMAC:etc vmurakami$ cat /etc/krb5.conf [libdefaults] renew_lifetime = 7d forwardable = true default_realm = EXAMPLE.COM ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = /tmp/krb5cc_%{uid} #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM [logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log [realms] EXAMPLE.COM = { admin_server = vmurakami-1 kdc = vmurakami-1 }
And also, after you got the keytab (if you don't have it, then if it's possible, copy the same keytab valid and used in the HS2 hosts to your mac), check if it's valid with the following command:
[root@vmurakami-1 ~]# klist -ef Ticket cache: FILE:/tmp/krb5cc_0 Default principal: zookeeper/vmurakami-1@EXAMPLE.COM Valid starting Expires Service principal 08/15/2018 23:23:31 08/16/2018 23:23:31 krbtgt/EXAMPLE.COM@EXAMPLE.COM Flags: FI, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
If you're still having issues, please share with us the whole error.
Hope this helps!