HiveServer2 with PAM security gives Login error

HDP 2.3 Ambari 2.1

I have set up HiveServer2 secured with PAM authentication. On beeline, all my users are getting authenticated successfully after enabling PAM. My Ranger is also providing perfect auditing and access authorization. The Hive View is not working with PAM. In Hiveserver2.log, I am getting this error every minute. I would like to know which user or service account is having this issue:

2016-03-17 22:55:02,961 ERROR [HiveServer2-Handler-Pool: Thread-59]: transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: login]
    at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
    at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
    at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
    at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
    at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: login
    at org.apache.hive.service.auth.PamAuthenticationProviderImpl.Authenticate(PamAuthenticationProviderImpl.java:46)
    at org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
    at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
    ... 8 more

Re: HiveServer2 with PAM security gives Login error

First I want to congratulate you on your choice of PAM authentication. I have a personal crusade against Kerberos for database authentications. Too many problems with too many different JDBC clients.

However, I also saw SASL exceptions in the log. I ignored them since they didn't seem to cause any problems.

Regarding Hive Views, I am not sure if it's possible to configure LDAP/PAM authentication for Hive. The documentation doesn't seem to mention them, only Kerberos. Perhaps someone from the Hive dev team can provide input?

http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.1/bk_ambari_views_guide/content/section_kerber...