Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

JDBC TLS client connection in beeline

JDBC TLS client connection in beeline

Explorer

Hello Team,

 

We have TLS kerberos enabled CDH 5.15 cluster and while connecting to hive using beeline jdbc i have to defined TLS client connection details in it, Below snap.

 

!connect jdbc:hive2://localhost:10000/default;ssl=true;\ sslTrustStore=/home/usr1/ssl/trust_store.jks;trustStorePassword=xyz;principal=hive/_host@REALM

Every user who is connecting through beeline have to put above details, We do not want to give TLS connection details to users and beeline should pick it automatically.

 

Is there any way i can add TLS client connection url in hive config?

 

- Vijay M 

2 REPLIES 2

Re: JDBC TLS client connection in beeline

Master Collaborator
You can't hide the truststore password from the user, because the beeline application is running in the user's context, thus it needs to know where the truststore is and what is the password.
But you can try to make it more opaque, create a shell or python script and load the password from environment variable.

Re: JDBC TLS client connection in beeline

Guru
Like Tomas' said, TrustStore is a client side setting, so there is nothing wrong by exposing it and won't comprise HS2 in anyway. Every user needs to know his/her password to be able to connect to HS2.

If it is cumbersome to type in all the time, it should be simple enough to alias the beeline command in user's .bashrc file.
Don't have an account?
Coming from Hortonworks? Activate your account here