Support Questions
Find answers, ask questions, and share your expertise

Connect hive with trust AD domain user

Connect hive with trust AD domain user

New Contributor

Hi,

I set up a Kerberos authenticated hive server, and there is a windows AD domain, I want to  connect to hive server using the AD domain users. 

Now I have set up cross realm trust between the Windows AD server and the Kerberos KDC, and can successfully initialize the ticket for AD users by using "kinit", but cannot generate keytab file for AD users. Is there any way to use AD users to connect to hive server?

 

Thanks

1 REPLY 1

Re: Connect hive with trust AD domain user

New Contributor

I have fixed it.

Need to translate principal names from the Active Directory realm into the KDC realm.

Configure the hadoop.security.auth_to_local setting in the core-site.xml file

<property>
  <name>hadoop.security.auth_to_local</name>
  <value>
    RULE:[1:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
    RULE:[2:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
    DEFAULT
  </value>
</property>

You can test these rulesets by using "hadoop kerbname" or "hadoop org.apache.hadoop.security.HadoopKerberosName"