Hi All, I am having a kerberized HDP 2.5.
I am doing Kerberos SPNEGO authentication from browser(on a client machine where I did the kinit and have a valid Kerberos ticket in the ticket cache) and able to get the org.ietf.jgss.GSSCredential in my web application (hosted on a different node). FLOW: ------- Hitting the web app URL I get the challenge response header WWW-Authenticate: Negotiate and then the browser uses GSS-API to load the user's Kerberos ticket from ticket cache of the form Authorization: Negotiate YII. This works perfectly fine and I am authenticated via Kerberos and landed up in my web app. On the web app I get this *org.ietf.jgss.GSSCredential* and now want to figure out how this org.ietf.jgss.GSSCredential can be used to access Hive Server2 via JDBC (without doing a kinit). I see code like from Cloudera JDBC Driver for Impala : jdbc:impala://node1.example.com:21050;AuthMech=1;KrbRealm=EXAMPLE.COM;KrbHostFQDN=node1.example.com;KrbServiceName=impala https://www.cloudera.com/documentation/other/connectors/impala-jdbc/latest/Cloudera-JDBC-Driver-for-Impala-Install-Guide.pdf And Simba driver for Impala ---------------------------------- GSSCredential userCredential = [GSSCredential] Driver driver = (Driver) Class.forName("com.simba.impala.jdbc41.Driver").newInstance(); Properties properties = new Properties(); properties.put("userGSSCredential", userCredential); Connection conn = driver.connect("jdbc:impala://node1.example.com:21050;AuthMech=1;KrbRealm=EXAMPLE.COM;KrbHostFQDN=node1.example.com;KrbServiceName=impala" ,properties); http://www.simba.com/products/Impala/doc/JDBC_InstallGuide/content/jdbc/im/authenticating/delegatedkerberos.htm Simba driver for Hive ------------------------- jdbc:hive2://node1.example.com:10000;AuthMech=1;KrbRealm=EXAMPLE.COM;KrbHostFQDN=hs2node1.example.com;KrbServiceName=hive;KrbAuthType=2 http://www.simba.com/products/Hive/doc/JDBC_InstallGuide/content/jdbc/hi/authenticating/kerberos.htm I am using HDP 2.5 and hence using the "org.apache.hive.jdbc.HiveDriver". Not sure if the "org.apache.hive.jdbc.HiveDriver" supports the JDBC Urls that somehow allow me to use org.ietf.jgss.GSSCredential. I did not find any mentions on the Apache Hive docs. Correct me if I am wrong I am thinking of ways to pass *org.ietf.jgss.GSSCredential* via GSS API calls to access Hive Server 2 jdbc? I am not sure about this too. Any pointers or examples would be of great help here. Thanks, -Nirmal ________________________________ NOTE: This message may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee. If received in error, please destroy and notify the sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant and/or guarantee, that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.