Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Connecting to Hive in a Kerberized Cluster with local user

Labels:
avatar
author-rank akash_sabarad
Rising Star

Created ‎05-22-2019 04:18 AM

Hi , we are in the process of creating HDP 2.6 cluster where in RHEL OS will be integrated with AD for authentication.

We will using AD as the KDC.

My question if we create a local UNIX user called HIVEUSER and use any BI tool to connect to HIVE using this user, will the local user be able to get authenticated and access Hive tables in kerberized cluster?

or the HIVEUSER should be in AD?

2,017 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Shelton
Master Mentor

Created ‎05-22-2019 12:33 PM

@Akash S

If you have kerberized your cluster using AD, your local user cannot generate a valid Kerberos key unless he/she is present in the AD.


The reason for using AD is to delegate and centralize user creation/authentication/management to Active Directory. You should maybe configure a System Security Services Daemon (SSSD) client to use Active Directory (AD) as an Identity Provider for SSSD


But the best solution is to create your HIVEUSER in AD which will generate the correct keytabs/permission for your user to access hive.

HTH

View solution in original post

1,913 Views
0 Kudos
4 REPLIES 4

avatar
author-rank Shelton
Master Mentor

Created ‎05-22-2019 12:33 PM

@Akash S

If you have kerberized your cluster using AD, your local user cannot generate a valid Kerberos key unless he/she is present in the AD.


The reason for using AD is to delegate and centralize user creation/authentication/management to Active Directory. You should maybe configure a System Security Services Daemon (SSSD) client to use Active Directory (AD) as an Identity Provider for SSSD


But the best solution is to create your HIVEUSER in AD which will generate the correct keytabs/permission for your user to access hive.

HTH

1,914 Views
0 Kudos

avatar
author-rank akash_sabarad
Rising Star

Created ‎06-24-2019 07:04 PM

Thank you very much for this answer.

1,913 Views
0 Kudos

avatar
ask_bill_brooks author-rank
Moderator

Created ‎05-22-2019 05:59 PM

The above question and the reply thread below were originally posted in the Community Help Track. On Wed May 22 17:55 UTC 2019, a member of the HCC moderation staff moved it to the Security track. The Community Help Track is intended for questions about using the HCC site itself.

Bill Brooks, Community Moderator
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
1,913 Views
0 Kudos

avatar
author-rank Shelton
Master Mentor

Created ‎05-26-2019 10:47 AM

@Akash S

Any updates?

1,913 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements