Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Knox impersonation issue

Solved Go to solution

Re: Knox impersonation issue

Hi @Vishal Shah, you also need, in Hive-->Configs:

webhcat.proxyuser.knox.groups=*
webhcat.proxyuser.knox.hosts=*
hive.server2.allow.user.substitution=true

Try knox.groups and hosts first with "*" and if it works reduce permissions to for example "users" and your KNOX host FQDN. Full manual here, scroll down to the Hive section.

Re: Knox impersonation issue

Explorer

Hi Predrag,

We tried this as well. But issue still exist.

It is strange that using beeline with same jdbc connection string i am able to execute queries successfully.

But when running from an application it does not work.

Re: Knox impersonation issue

I didn't understand that beeline was working via Knox already. A few questions then:

  1. What application is making the HS2 call via Knox?
  2. Is the application using JDBC or ODBC drivers and what version?
  3. What does your JDBC connect string look like (without real hostname or passwords of course)?

Re: Knox impersonation issue

Explorer

Hi Kevin,

Thanks for the reply. I was away for a while couldn't follow up on the issue.

With the new cluster setup, we do not see this issue anymore. I believe issue was due to improper configuration.

Re: Knox impersonation issue

Explorer

With the new cluster setup, we do not see this issue anymore. I believe issue was due to improper configuration.