beeline in kerberized cluster

Expert Contributor

Hi All,

To connect beeline, the following steps work:

1. kinit as user hr1

2. beeline connect URL

!connect jdbc:hive2://localhost:10000/default;principal=hive/securityLab02@XXX.local;auth=kerberos

Then it asks for user name and password, for which just press Enter.

Once we are in, which user is it?

1) Is it hr1?

2) Is it the hive user on behalf of hr1?

3) Is it the hive user?

Whose permissions will work?

Can someone please explain the token delegation that happens here? Also, is it the right way to connect using beeline?

thanks,

Avijeet

Accepted Solutions

Re: beeline in kerberized cluster

Guru

Hi @Avijeet Dash,

do you have impersonation enabled ('doAs') ?

check this out, hth....

Re: beeline in kerberized cluster

New Contributor

The user that has the Kerberos ticket will be the authenticated user.

You can confirm:

kdestroy

kinit as hr1

then klist to check

then beeline

beeline -u 'jdbc:hive2://localhost:10000/default;principal=hive/securityLab02@XXX.local'

All actions will be of the authenticated user via Kerberos.

Please see this article:

https://community.hortonworks.com/questions/22897/kerberos-principal-should-have-3-parts.html

Re: beeline in kerberized cluster

Expert Contributor

thanks @mthiele

However, I noticed while doing a Hive command that the permissions of the hive service principal are taking precedence over the authenticated user:

load data inpath '/tmp/sample_07.csv' into table sample_07;

Re: beeline in kerberized cluster

Expert Contributor

thanks @Gerd Koenig
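
A way to check which identity is in effect for the setup discussed in this thread, as an added example that is not part of any post above. It reuses the host, port, service principal and user name quoted in the thread; the function names are hypothetical, and it assumes HiveServer2 runs as the OS user "hive".

```bash
#!/usr/bin/env bash
# Added example. Usage on a cluster node:  bash this_script.sh --run hr1

# Build the JDBC URL. The principal= value is the HiveServer2 *service*
# principal and must have the form service/host@REALM; the end user's
# identity comes from the Kerberos ticket cache, not from the URL.
hs2_url() {
    local host="$1" port="$2" db="$3" principal="$4"
    case "$principal" in
        */*/*|*@*@*) return 1 ;;   # more than one '/' or '@'
        ?*/?*@?*) ;;               # service/host@REALM
        *) return 1 ;;             # e.g. a two-part name such as hive@REALM
    esac
    printf 'jdbc:hive2://%s:%s/%s;principal=%s\n' "$host" "$port" "$db" "$principal"
}

# Identity that HDFS file operations (e.g. "load data inpath") run as.
# $1 = value of hive.server2.enable.doAs, $2 = Kerberos-authenticated user.
hdfs_actor() {
    case "$1" in
        true)  echo "$2" ;;     # impersonation on: HDFS access as the end user
        false) echo "hive" ;;   # impersonation off: HDFS access as the service user (assumed "hive")
        *) return 1 ;;
    esac
}

# Live check: fresh ticket for the given user, then ask HiveServer2 who it
# thinks we are and whether impersonation is enabled.
check_effective_user() {
    local url
    url=$(hs2_url localhost 10000 default 'hive/securityLab02@XXX.local') || return 1
    kdestroy 2>/dev/null
    kinit "$1" && klist || return 1
    beeline -u "$url" --silent=true --showHeader=false --outputformat=tsv2 \
        -e 'select current_user(); set hive.server2.enable.doAs;'
}

if [ "${1:-}" = "--run" ]; then
    check_effective_user "${2:?user name required}"
fi
```

If the second statement reports hive.server2.enable.doAs=false, current_user() still shows hr1 but file operations run as the service user, which matches the behaviour reported for the load data statement.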