Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Connecting to Hive in a Kerberized Cluster with local user

Solved Go to solution
Highlighted

Connecting to Hive in a Kerberized Cluster with local user

New Contributor

Hi , we are in the process of creating HDP 2.6 cluster where in RHEL OS will be integrated with AD for authentication.

We will using AD as the KDC.

My question if we create a local UNIX user called HIVEUSER and use any BI tool to connect to HIVE using this user, will the local user be able to get authenticated and access Hive tables in kerberized cluster?

or the HIVEUSER should be in AD?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Connecting to Hive in a Kerberized Cluster with local user

Mentor

@Akash S

If you have kerberized your cluster using AD, your local user cannot generate a valid Kerberos key unless he/she is present in the AD.


The reason for using AD is to delegate and centralize user creation/authentication/management to Active Directory. You should maybe configure a System Security Services Daemon (SSSD) client to use Active Directory (AD) as an Identity Provider for SSSD


But the best solution is to create your HIVEUSER in AD which will generate the correct keytabs/permission for your user to access hive.

HTH

4 REPLIES 4

Re: Connecting to Hive in a Kerberized Cluster with local user

Mentor

@Akash S

If you have kerberized your cluster using AD, your local user cannot generate a valid Kerberos key unless he/she is present in the AD.


The reason for using AD is to delegate and centralize user creation/authentication/management to Active Directory. You should maybe configure a System Security Services Daemon (SSSD) client to use Active Directory (AD) as an Identity Provider for SSSD


But the best solution is to create your HIVEUSER in AD which will generate the correct keytabs/permission for your user to access hive.

HTH

Re: Connecting to Hive in a Kerberized Cluster with local user

New Contributor

Thank you very much for this answer.

Re: Connecting to Hive in a Kerberized Cluster with local user

Community Manager

The above question and the reply thread below were originally posted in the Community Help Track. On Wed May 22 17:55 UTC 2019, a member of the HCC moderation staff moved it to the Security track. The Community Help Track is intended for questions about using the HCC site itself.

Bill Brooks, Community Manager
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Re: Connecting to Hive in a Kerberized Cluster with local user

Mentor

@Akash S

Any updates?