beeline in kerberized cluster

Super Collaborator

Hi All,

To connect beeline, the following steps work:

1. kinit as user hr1

2. beeline connect URL

!connect jdbc:hive2://localhost:10000/default;principal=hive/securityLab02@XXX.local;auth=kerberos

Then it asks for user name and password, for which just press Enter.

Once we are in, which user is it?

1) is it hr1

2) is it hive user on behalf of hr1

3) it is hive user

Whose permissions will work?

Can someone please explain the token delegation that happens here? Also, is it the right way to connect using beeline?

thanks,

Avijeet

1 ACCEPTED SOLUTION

Guru

Hi @Avijeet Dash,

Do you have impersonation enabled ('doAs')?

check this out, hth....


4 REPLIES

Contributor

The user that has the Kerberos ticket will be the authenticated user.

You can confirm:

kdestroy

kinit as hr1

then klist to check

then beeline

beeline -u 'jdbc:hive2://localhost:10000/default;principal=hive/securityLab02@XXX.local'

All actions will be of the authenticated user via Kerberos.

Please see this article:

https://community.hortonworks.com/questions/22897/kerberos-principal-should-have-3-parts.html

Super Collaborator

Thanks @mthiele

However, I noticed while running a Hive command that the permissions of the hive service principal are taking precedence over the authenticated user:

load data inpath '/tmp/sample_07.csv' into table sample_07;

Guru

Hi @Avijeet Dash,

Do you have impersonation enabled ('doAs')?

check this out, hth....
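
A configuration check that works through the three options in the question, added here as an example (not code from the thread or from the Hive project): it reads hive-site.xml and core-site.xml content and reports which identity is authenticated and which one HDFS permissions are checked against. The embedded configs, the `hr-users` group and the function names are constructed for illustration; the property names are the standard Hive and Hadoop ones.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the thread). Property names are
# the standard Hive/Hadoop ones; the group name is a made-up placeholder.
HIVE_SITE = """<configuration>
  <property><name>hive.server2.authentication</name><value>KERBEROS</value></property>
  <property><name>hive.server2.enable.doAs</name><value>false</value></property>
</configuration>"""

CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>securityLab02</value></property>
  <property><name>hadoop.proxyuser.hive.groups</name><value>hr-users</value></property>
</configuration>"""


def props(xml_text):
    """Flatten a Hadoop-style *-site.xml into a {name: value} dict."""
    root = ET.fromstring(xml_text)
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}


def effective_identity(hive_site, core_site, client="hr1", service="hive"):
    """Report who is authenticated and who touches HDFS for a beeline session."""
    hive, core = props(hive_site), props(core_site)
    warnings = []
    if hive.get("hive.server2.authentication", "NONE").upper() != "KERBEROS":
        warnings.append("hive.server2.authentication is not KERBEROS")
    # Apache Hive defaults hive.server2.enable.doAs to true when it is unset.
    do_as = hive.get("hive.server2.enable.doAs", "true").lower() == "true"
    if do_as:
        # Impersonation only works if core-site.xml lets the service user proxy.
        missing = [k for k in (f"hadoop.proxyuser.{service}.hosts",
                               f"hadoop.proxyuser.{service}.groups") if not core.get(k)]
        if missing:
            warnings.append("doAs is on but proxyuser settings are missing: " + ", ".join(missing))
    return {
        "authenticated_as": client,                 # Kerberos ticket holder (kinit)
        "hdfs_user": client if do_as else service,  # identity HDFS permissions are checked against
        "impersonation": do_as,
        "warnings": warnings,
    }


if __name__ == "__main__":
    print(effective_identity(HIVE_SITE, CORE_SITE))
```

With `hive.server2.enable.doAs` set to false, as in the sample, hr1 is still the authenticated user but file operations such as the `load data inpath` statement above run as the hive service user, so per-user access control has to come from Hive's own authorization layer rather than HDFS permissions.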

Super Collaborator

Thanks @Gerd Koenig