Support Questions
Find answers, ask questions, and share your expertise

Hive metastore and postgres authentication to Kerberos infrastructure

Solved Go to solution

Hive metastore and postgres authentication to Kerberos infrastructure

Expert Contributor

I am working with a customer who complains of recurring production issue (about once a month) due to overloading auth requests to their Kerberos infrastructure (10’s of thousands of auth attempts within a very short time-frame) - and any help with the below questions would be very appreciated.

Apparently, these requests come from their Hive Metastore Service (aka HMS) account “hcatalog” and their postgres database host. The customer would like better understand how HMS and the postgres metastore handle authentication requests ??

  • It kind of makes sense to have some form of ticket caching to keep these auth attempts fairly low – no?
    • If yes, that should be the expectation. Is this driven by some kind configuration on the HMS or Postgre side (that the customer has perhaps, either mis-configured or missing) ?

Thanks and let me know your thoughts.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Hive metastore and postgres authentication to Kerberos infrastructure

Expert Contributor

Working further with our support team and customer, it was determined that this issue was coming mostly from Postgres side. The reason being the ticket caching was not enabled for the PG side, and the customer is currently working on enabling the same.

This document link should talk about enabling caching from Postgres - http://jpmens.net/2012/06/23/postgresql-and-kerberos/

As far as the above question on multiple requests on the same session goes - Yes, Hive metastore does caching my default, and the multiple commands executed within the same HS2 session is translated to a single auth request due to caching at the HMS level

View solution in original post

1 REPLY 1

Re: Hive metastore and postgres authentication to Kerberos infrastructure

Expert Contributor

Working further with our support team and customer, it was determined that this issue was coming mostly from Postgres side. The reason being the ticket caching was not enabled for the PG side, and the customer is currently working on enabling the same.

This document link should talk about enabling caching from Postgres - http://jpmens.net/2012/06/23/postgresql-and-kerberos/

As far as the above question on multiple requests on the same session goes - Yes, Hive metastore does caching my default, and the multiple commands executed within the same HS2 session is translated to a single auth request due to caching at the HMS level

View solution in original post