Support Questions

Find answers, ask questions, and share your expertise

Hive ODBC on Kerberos

avatar
Explorer

When I give the hive ODBC configuration as follows, I am getting this error:

[Hortonworks][Hardy] (34) Error from server: Bad Status: HTTP/1.1 500 Server Error.

Configuration:

Service discovery mode: No Service Discovery

Host: Knox gateway host

Port: 8443 (Knox port)

Authentication mechanism: Username and Password

Thrift transport: HTTP

1 ACCEPTED SOLUTION

avatar
Explorer

@Geoffrey Shelton Okot Thanks Geoffrey. I got it to work. Used Kerberos as the authentication mechanism. Hive was expecting a Kerberos ticket from Knox.

@Ajay Thanks. Will try with Zookeeper. Yes, able to connect to Hive via beeline. And I have HTTP as the transport mode.

View solution in original post

5 REPLIES 5

avatar
Master Mentor

odbc-kerberos.jpg@kerra

If you cluster is Kerberized you MUST choose under you cluster is Kerberized you MUST choose under Authentication Kerberos ,REALM Host FQDN etc

avatar
Expert Contributor

@kerra Check if HiveServer2 you are trying to connect is configured properly in knox. Also check if HiveServer2 is set to

hive.server2.transport.mode=http

If zookeeper hosts are accessible than i will recommend using discovery as it will auto detect port,host and other details. Are you able to connect to hive via beeline?

avatar
Explorer

@Geoffrey Shelton Okot Thanks Geoffrey. I got it to work. Used Kerberos as the authentication mechanism. Hive was expecting a Kerberos ticket from Knox.

@Ajay Thanks. Will try with Zookeeper. Yes, able to connect to Hive via beeline. And I have HTTP as the transport mode.

avatar
Explorer

Some other steps taken:

1. Create a knox.crt file

2. Place it in the cacerts folder in /etc/pki/java

3. Download this cert to the machine where ODBC needs to be configured.

4. Give this path in the SSL options, in the ODBC configuration and check the 'enable SSL' box.

5. Give Kerberos as authentication mechanism, in the ODBC configuration.

6. Give knox URL and port as the host and port, in the ODBC configuration

avatar
Master Mentor

@kerra

Was it self signed certificate of CA?