Support Questions

avijeetd · ‎09-19-2016

Hi All,

to connect beeline, the following steps work

1. kinit as user hr1

2. beeline connect URL

!connect jdbc:hive2://localhost:10000/default;principal=hive/securityLab02@XXX.local;auth=kerberos

Then it asks for user name, password - for which just press enter

Once we are in, which user is it

1) is it hr1

2) is it hive user on behalf of hr1

3) it is hive user

whose permissions will work?

can someone please explain the token delegation that happens here. Also is it the right way to connect using beeline.

thanks,

Avijeet

geko · ‎09-20-2016

do you have impersonation enabled ('doAs') ?

check this out, hth....

mthiele1 · ‎09-19-2016

The user that has the kerberos ticket will be the authenticated user

you can confirm

kdestroy

kinit as hr1

then klist to check

then beeline

beeline -u ' jdbc:hive2://localhost:10000/default;principal=hive/securityLab02@XXX.local'

all actions will be of the authenticated user via kerberos

please see this article

avijeetd · ‎09-20-2016

thanks @mthiele

However I noticed while doing a HIVE command - the permissions of hive service principal is taking precedence over the authenticated user

load data inpath '/tmp/sample_07.csv' into table sample_07;

geko · ‎09-20-2016

do you have impersonation enabled ('doAs') ?

check this out, hth....

avijeetd · ‎09-21-2016

beeline in kerberized cluster