Support Questions

toide · ‎08-09-2018

Is it possible to enable multiple authentication mechanisms simultaneously in HiveServer2?

e.g. SIMPLE + LDAP, LDAP + Kerberos

Or, selecting PAM authentication and controlling multiple authentication mechanisms in PAM configuration is the solution to my question?

falbani · ‎08-09-2018

@Takefumi Oide

No, but you can have multiple hiveserver2 processes configured with different authentication mechanisms.

Lets say you need to have all the auth mechanisms listed above, then you add 1 hiveserver 2 process and configure it with SIMPLE+LDAP and then add another hiveserver2 process and configure it with LDAP+Kerberos.

With ambari this can be done using config groups.

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

View solution in original post

falbani · ‎08-09-2018

@Takefumi Oide

No, but you can have multiple hiveserver2 processes configured with different authentication mechanisms.

Lets say you need to have all the auth mechanisms listed above, then you add 1 hiveserver 2 process and configure it with SIMPLE+LDAP and then add another hiveserver2 process and configure it with LDAP+Kerberos.

With ambari this can be done using config groups.

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

toide · ‎08-10-2018

Thank you for your answer and suggestion.

You wrote "configure it with SIMPLE+LDAP and then add another hiveserver2 process and configure it with LDAP+Kerberos". It looks like we can use multiple authentication mechanisms in 1 HS2 process ("SIMPLE+LDAP"), but it is just a copy-and-paste from my question, right? I'm sorry for my confusing expression. "SIMPLE+LDAP" I wrote in my question was intended "using SIMPLE auth and LDAP auth simultaneously".

Unfortunately having 2 HS2 instances is not suited for my case, but in another case, I thought this is helpful if there's strong request to do so.

falbani · ‎08-10-2018

@Takefumi Oide only 1 authentication mechanism per hiveserver2 - sorry for the confusion, I did copy pasted 🙂 - So that would be 4 hiveserver2 with single authentication mechanisms each.

toide · ‎08-10-2018

OK! Thank you for your reply.

hamdan · ‎08-11-2018

Use Knox

If you are going to authenticate using LDAP use Knox IP eg.(jdbc:hive2://<knox_host>:8443/;ssl=true;sslTrustStore=/var/lib/knox/data/security/keystores/gateway.jks;trustStorePassword=<master_secret>;transportMode=http;httpPath=gateway/default/hive)

and if you are going to use simple auth. connect to hive jdbc directly (zookeeper or hive server IP).

toide · ‎08-11-2018

Thank you for your answer!

Unfortunately, I can't use Knox in my case. But this way is very interesting.

Cloudera Community

Support Questions

Is it possible to enable 2 or more authentication mechanism simultaneously in HiveServer2?