Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Connecting to Hive in a Kerberized Cluster with local user

avatar
Rising Star

Hi , we are in the process of creating HDP 2.6 cluster where in RHEL OS will be integrated with AD for authentication.

We will using AD as the KDC.

My question if we create a local UNIX user called HIVEUSER and use any BI tool to connect to HIVE using this user, will the local user be able to get authenticated and access Hive tables in kerberized cluster?

or the HIVEUSER should be in AD?

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Akash S

If you have kerberized your cluster using AD, your local user cannot generate a valid Kerberos key unless he/she is present in the AD.


The reason for using AD is to delegate and centralize user creation/authentication/management to Active Directory. You should maybe configure a System Security Services Daemon (SSSD) client to use Active Directory (AD) as an Identity Provider for SSSD


But the best solution is to create your HIVEUSER in AD which will generate the correct keytabs/permission for your user to access hive.

HTH

View solution in original post

4 REPLIES 4

avatar
Master Mentor

@Akash S

If you have kerberized your cluster using AD, your local user cannot generate a valid Kerberos key unless he/she is present in the AD.


The reason for using AD is to delegate and centralize user creation/authentication/management to Active Directory. You should maybe configure a System Security Services Daemon (SSSD) client to use Active Directory (AD) as an Identity Provider for SSSD


But the best solution is to create your HIVEUSER in AD which will generate the correct keytabs/permission for your user to access hive.

HTH

avatar
Rising Star

Thank you very much for this answer.

avatar

The above question and the reply thread below were originally posted in the Community Help Track. On Wed May 22 17:55 UTC 2019, a member of the HCC moderation staff moved it to the Security track. The Community Help Track is intended for questions about using the HCC site itself.

Bill Brooks, Community Moderator
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
Master Mentor

@Akash S

Any updates?