Hi All,

I am having a kerberized HDP 2.5.

I am doing Kerberos SPNEGO authentication from browser(on a client machine 
where I did the kinit and have a valid Kerberos ticket in the ticket cache) and 
able to get the org.ietf.jgss.GSSCredential in my web application (hosted on a 
different node).

FLOW:
-------
Hitting the web app URL I get the challenge response header WWW-Authenticate: 
Negotiate and then the browser uses GSS-API to load the user's Kerberos ticket 
from ticket cache of the form Authorization: Negotiate YII. This works 
perfectly fine and I am authenticated via Kerberos and landed up in my web app.

On the web app I get this *org.ietf.jgss.GSSCredential* and now want to figure 
out how this org.ietf.jgss.GSSCredential can be used to access Hive Server2 via 
JDBC (without doing a kinit).

I see code like from Cloudera JDBC Driver for Impala :
jdbc:impala://node1.example.com:21050;AuthMech=1;KrbRealm=EXAMPLE.COM;KrbHostFQDN=node1.example.com;KrbServiceName=impala

https://www.cloudera.com/documentation/other/connectors/impala-jdbc/latest/Cloudera-JDBC-Driver-for-Impala-Install-Guide.pdf

And Simba driver for Impala
----------------------------------
GSSCredential userCredential = [GSSCredential]
Driver driver = (Driver) 
Class.forName("com.simba.impala.jdbc41.Driver").newInstance();
Properties properties = new Properties();
properties.put("userGSSCredential", userCredential);
Connection conn = 
driver.connect("jdbc:impala://node1.example.com:21050;AuthMech=1;KrbRealm=EXAMPLE.COM;KrbHostFQDN=node1.example.com;KrbServiceName=impala"
 ,properties);

http://www.simba.com/products/Impala/doc/JDBC_InstallGuide/content/jdbc/im/authenticating/delegatedkerberos.htm

Simba driver for Hive
-------------------------
jdbc:hive2://node1.example.com:10000;AuthMech=1;KrbRealm=EXAMPLE.COM;KrbHostFQDN=hs2node1.example.com;KrbServiceName=hive;KrbAuthType=2

http://www.simba.com/products/Hive/doc/JDBC_InstallGuide/content/jdbc/hi/authenticating/kerberos.htm

I am using HDP 2.5 and hence using the "org.apache.hive.jdbc.HiveDriver".
Not sure if the "org.apache.hive.jdbc.HiveDriver" supports the JDBC Urls that 
somehow allow me to use org.ietf.jgss.GSSCredential.
I did not find any mentions on the Apache Hive docs.

Correct me if I am wrong I am thinking of  ways to pass 
*org.ietf.jgss.GSSCredential* via GSS API calls to access Hive Server 2 jdbc?  
I am not sure about this too.

Any pointers or examples would be of great help here.

Thanks,
-Nirmal

________________________________






NOTE: This message may contain information that is confidential, proprietary, 
privileged or otherwise protected by law. The message is intended solely for 
the named addressee. If received in error, please destroy and notify the 
sender. Any use of this email is prohibited when received in error. Impetus 
does not represent, warrant and/or guarantee, that the integrity of this 
communication has been maintained nor that the communication is free of errors, 
virus, interception or interference.

Reply via email to