My group is utilizing NiFi secured using LDAP and connecting to a secured Hadoop cluster that utilizes Keberos. I have used Kerberos principal/keytab to connect to Hadoop but have seen some inconsistent connections. Sometimes NiFi SelectHiveQL processor will error out stating 'No Valid Credentials' can be found even though the keytab authenticates using kinit. To avoid this issue I have attempted to use our Knox service.
Knox seems to consistently be successful. I have tried removing Kerberos principal/keytab from HiveConnectionPool but I receive an error stating, 'HiveConfigurator is invalid because Kerberos Keytab/Principal must be provided when using a secure configuration'. My understanding is by using Knox I should not need a Keytab/Principal. Am I incorrect in my understanding?
Most of the examples I have seen show case NiFi cluster being fully integrated into Kerberos or Knox. What have I been looking for is just utilizing a Kerberized\Knox connection which seems to be done less from what I have seen on the forums.
Can I access Hive through Knox without needing a keytab/principal defined and how would I setup this connection?
NiFi v1.5 Prod & NiFi v1.6 Dev
If not a keytab you should have the trust store of the hive and pass it along for the knox to connect to hive. So if you are making a db connection it should look something like