Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Connect hive with trust AD domain user

Labels:
avatar
author-rank cjay
New Contributor

Created ‎09-09-2020 12:38 AM

Hi,

I set up a Kerberos authenticated hive server, and there is a windows AD domain, I want to  connect to hive server using the AD domain users. 

Now I have set up cross realm trust between the Windows AD server and the Kerberos KDC, and can successfully initialize the ticket for AD users by using "kinit", but cannot generate keytab file for AD users. Is there any way to use AD users to connect to hive server?

 

Thanks

1,107 Views
0 Kudos
1 REPLY 1

avatar
author-rank cjay
New Contributor

Created ‎09-29-2020 12:28 AM

I have fixed it.

Need to translate principal names from the Active Directory realm into the KDC realm.

Configure the hadoop.security.auth_to_local setting in the core-site.xml file

<property>
  <name>hadoop.security.auth_to_local</name>
  <value>
    RULE:[1:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
    RULE:[2:$1@$0](^.*@AD_REALM\.COM$)s/^(.*)@AD_REALM\.COM$/USER_YOU_WANT_TO_USE/g
    DEFAULT
  </value>
</property>

You can test these rulesets by using "hadoop kerbname" or "hadoop org.apache.hadoop.security.HadoopKerberosName"

1,073 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements