Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to use Kerberos Authentication in Sqoop?

Labels:
avatar
author-rank reddy_gayathri
Rising Star

Created ‎10-19-2016 08:53 AM

I want to kerberize the sqoop job. What is the process? What are the things to be taken care to run the sqoop job in Kerberos environement? I didn't find any documentation on this. Your help is most important.

9,511 Views
0 Kudos
5 REPLIES 5

avatar
author-rank bhagan author-rank
Super Collaborator

Created ‎10-19-2016 02:41 PM

Kerberos is used for authentication, so you would follow the instructions for Kerberizing your cluster as found here:

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ch_hdp-security-guide-ov...

Once you create Principals for your users, they will be able to authenticate using Kerberos and run sqoop jobs.

5,963 Views

avatar
author-rank jkotireddy author-rank
Rising Star

Created ‎10-19-2016 08:09 PM

This may help too:

https://cwiki.apache.org/confluence/display/SQOOP/Security+Guide+On+Sqoop+2

you need to create Principals for sqoop.

5,963 Views

avatar
author-rank reddy_gayathri
Rising Star

Created ‎10-24-2016 08:24 AM

We are not using Sqoop2. Does the security guide applies to Sqoop too?

5,963 Views
0 Kudos

avatar
author-rank mageru
Contributor

Created ‎03-14-2017 03:56 AM

I have found a solution to this provided by another user here: https://community.hortonworks.com/questions/20719/sqoop-to-sql-server-with-integrated-security.html

Basically if you switch to the jtds driver which you can download here: http://jtds.sourceforge.net/

Per Rajendra Manjunath

"

Sqoop SQL Server data import to HDFS worked with manual parametric the authentication(using windows credential) with added parameter on the SQL Server JDBC driver, as integrated security is not supported by the SQL driver as of now due to the Kerberos authentication(Delegated tokens distributed over cluster while running MR job).

So we need to pass the windows authentication with password and with the integrated security disabled mode to import the data to the system. As normal SQL server driver does not support, so I had used the jtds.jar and the different driver class to pull the data to the Hadoop Lake.

Sample Command I tried on the server as follows,

sqoop import --table Table1 --connect "jdbc:jtds:sqlserver://<Hostname>:<Port>;useNTLMv2=true;domain=<WindowsDomainName>;databaseName=XXXXXXXXXXXXX" \

--connection-manager org.apache.sqoop.manager.SQLServerManager --driver net.sourceforge.jtds.jdbc.Driver --username XXXXX --password 'XXXXXXX' \

--verbose --target-dir /tmp/33 -m 1 -- --schema dbo

"

Here are some examples that worked for me:

# List databases

sqoop list-databases --connect "jdbc:jtds:myactivedirectorydomain.com" --connection-manager org.apache.sqoop.manager.SQLServerManager --driver net.sourceforge.jtds.jdbc.Driver --username XXXXX -P

# List tables

sqoop list-tables --connect "jdbc:jtds:myactivedirectorydomain.com;databaseName=DATABASENAMEHERE" --connection-manager org.apache.sqoop.manager.SQLServerManager --driver net.sourceforge.jtds.jdbc.Driver --username jmiller.admin -P

# Pull data example

sqoop import --table TABLENAMEHERE --connect "jdbc:jtds:myactivedirectorydomain.com;databaseName=DATABASENAMEHERE" --connection-manager org.apache.sqoop.manager.SQLServerManager --driver net.sourceforge.jtds.jdbc.Driver --username XXXXX -P --fields-terminated-by '\001' --target-dir /user/XXXXX/20170313 -m 1 -- --schema dbo

Note* In the above example you need to change the username to your username and database name in the list-tables or pull to the one you need (note the AD account you use will require access to the data).

5,963 Views

avatar
author-rank rajsyrus
Expert Contributor

Created ‎03-14-2017 04:58 AM

This article will help you to implement kerberos and add kerberos principal:

https://sqoop.apache.org/docs/1.99.7/security/AuthenticationAndAuthorization.html

5,963 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements