Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to enable Hive SASL on kerberized cluster?

Labels:
avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎03-09-2016 03:29 AM

On kerberized cluster I understand for j/odbc via TCP only SASL is supported. How do i enabled SASL via ambari for hiveserver2. I only see SSL button.

2,291 Views
1 ACCEPTED SOLUTION

avatar
author-rank amcbarnett
Guru

Created ‎03-09-2016 03:43 AM

hive.server2.thrift.sasl.qop in hive-site.xml has to be set to one of the valid QOP values ('auth', 'auth-int' or 'auth-conf').

https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Integri...

Then use as for example:

jdbc:hive://hostname/dbname;sasl.qop=auth-int|auth|auth-conf

jdbc:hive2://sandbox.hortonworks.com:10001/default;principal=hive/sandbox.hortonworks.com@HORTONWORKS.COM?transportMode=http;httpPath=cliservice;auth=kerberos;sasl.qop=auth-int

See

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Security_Guide/content/ch_wire-connect.h...

View solution in original post

1,761 Views
3 REPLIES 3

avatar
author-rank amcbarnett
Guru

Created ‎03-09-2016 03:43 AM

hive.server2.thrift.sasl.qop in hive-site.xml has to be set to one of the valid QOP values ('auth', 'auth-int' or 'auth-conf').

https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Integri...

Then use as for example:

jdbc:hive://hostname/dbname;sasl.qop=auth-int|auth|auth-conf

jdbc:hive2://sandbox.hortonworks.com:10001/default;principal=hive/sandbox.hortonworks.com@HORTONWORKS.COM?transportMode=http;httpPath=cliservice;auth=kerberos;sasl.qop=auth-int

See

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Security_Guide/content/ch_wire-connect.h...

1,762 Views

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎03-09-2016 04:38 AM

@Ancil McBarnett Awesome feedback! I have follow up (maybe I will ask another HCC question). Can client connect using a lower standard like auth-int or auth if hive.server2.thrift.sasl.qop is set to auth-conf on hiveserver2?

1,761 Views

avatar
author-rank mherring
Guru

Created ‎03-09-2016 02:37 PM

Hi @Sunile Manjee please ask the follow on as a separate question.

1,761 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements