
Connect hive with trust AD domain user

New Contributor

Hi,

I set up a Kerberos-authenticated Hive server, and there is a Windows AD domain. I want to connect to the Hive server using the AD domain users.

I have now set up cross-realm trust between the Windows AD server and the Kerberos KDC, and can successfully initialize a ticket for AD users by using "kinit", but cannot generate a keytab file for AD users. Is there any way to use AD users to connect to the Hive server?


Thanks


Re: Connect hive with trust AD domain user

New Contributor

I have fixed it.

You need to translate principal names from the Active Directory realm into the KDC realm.

Configure the hadoop.security.auth_to_local setting in the core-site.xml file:

<property>
  <name>hadoop.security.auth_to_local</name>
  <value>
    RULE:[1:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
    RULE:[2:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
    DEFAULT
  </value>
</property>

You can test these rulesets by using "hadoop kerbname" or "hadoop org.apache.hadoop.security.HadoopKerberosName".
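Added example (not part of the original reply, and not Hadoop's own code): a small Python model of how auth_to_local rules are evaluated, run over constructed principals. It shows that the rules as posted give every AD_REALM.COM principal the same short name, while a per-user rule keeps identities distinct for authorization and audit; PER_USER_RULES, DEFAULT_REALM and the sample principals are assumptions.

```python
import re

# Same rule shape as hadoop.security.auth_to_local; the /L suffix is not modelled.
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?$")
DEFAULT_REALM = "HADOOP.EXAMPLE"  # assumed cluster KDC realm, not from the post

PAGE_RULES = r"""
RULE:[1:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
RULE:[2:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
DEFAULT
"""
PER_USER_RULES = r"""
RULE:[1:$1@$0](^.*@AD_REALM\.COM$)s/@AD_REALM\.COM$//
DEFAULT
"""

def short_name(principal, rules, default_realm=DEFAULT_REALM):
    """Return the local name the first applicable rule yields, or None if none applies."""
    name, sep, realm = principal.rpartition("@")
    if not sep:
        return principal                        # no realm: already a short name
    params = [realm] + name.split("/")          # $0 = realm, $1.. = components
    for rule in rules.split():
        if rule == "DEFAULT":
            if realm == default_realm:
                return params[1]
            continue
        count, fmt, match, frm, to, glob = RULE_RE.match(rule).groups()
        if int(count) != len(params) - 1:       # rule targets another component count
            continue
        base = re.sub(r"\$(\d)", lambda m: params[int(m.group(1))], fmt)
        if match and not re.fullmatch(match, base):
            continue
        if frm is not None:
            # Replacement text is inserted literally (no back-references modelled).
            base = re.sub(frm, lambda m: to, base, count=0 if glob else 1)
        if "@" in base or "/" in base:
            raise ValueError(f"non-simple name {base!r} from {principal!r}")
        return base
    return None

if __name__ == "__main__":
    # Constructed sample principals.
    for p in ["alice@AD_REALM.COM", "bob@AD_REALM.COM",
              "hive/host1.example.com@AD_REALM.COM", "carol@HADOOP.EXAMPLE"]:
        print(p, "->", short_name(p, PAGE_RULES), "|", short_name(p, PER_USER_RULES))
```

Where this model returns None, Hadoop itself reports that no rule applied; confirm the real behaviour on the cluster with "hadoop kerbname" as the reply suggests.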
