Hi,
Does anyone had a chance to work with JDBC and Oozie against a
Kerberised cluster with AD?
Created the following topology:
- A 3 node Hortonworks cluster HDP 2.6
on top of Linux 7.2.
- 1 Active Directory running on
Windows Server 2012.
- Trusted releations between the
cluster domain and Active Directory domain using CA certificate.
I managed to:
- Connect from Windows client (using
the AD server) to Hive2 server using Hortonworks ODBC driver.
- Connect from any Linux node to Hive2
using Java based beeline.
- I could not yet connect from
Windows client to Hive2 using JDBC connection string.
- I could not yet connect from Windows client to Oozie using https from a browser.
To test Java connection string I am using DbVisualizer
10.0.4.
Following links describe how to connect to a Kerberised
cluster:
https://community.hortonworks.com/articles/73458/connecting-dbvisualizer-and-datagrip-to-hive-with.h...
https://github.com/cyanfr/dbviz_to_hive/wiki/How-I-Connect-DBVisualizer-to-Hive-(including-kerberos-...
But I keep getting GSS initiate failed – meaning it
does not recognize the keytabs:
Klist show
c:\temp>klist
Current LogonId is 0:0x1274b1
Cached Tickets: (2)
#0> Client: Administrator @
LABS.LOCAL
Server:
krbtgt/LABS.LOCAL @ LABS.LOCAL
KerbTicket
Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags
0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize
Start Time:
12/11/2017 15:52:13 (local)
End Time:
12/12/2017 1:52:13 (local)
Renew Time:
12/18/2017 15:52:13 (local)
Session Key Type:
AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0x1
-> PRIMARY
Kdc Called:
LABS-DC
#1> Client: Administrator @
LABS.LOCAL
Server: hive/act-no-000474.lab.local @
LABS.LOCAL
KerbTicket
Encryption Type: RSADSI RC4-HMAC(NT)
Ticket Flags
0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time:
12/11/2017 15:53:15 (local)
End
Time: 12/12/2017 1:52:13 (local)
Renew Time:
12/18/2017 15:52:13 (local)
Session Key Type:
RSADSI RC4-HMAC(NT)
Cache Flags: 0
Kdc Called:
LABS-DC
Regards,
