
这是在 Kerberos 模式下连接到 Hive 的代码

import java.sql.*;
import org.apache.hadoop.security.UserGroupInformation;

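public class hive2 {
  /**
   * Logs in to Kerberos from a keytab, then opens and closes a HiveServer2 JDBC connection.
   *
   * <p>Optional arguments override the login identity: {@code args[0]} is the client principal
   * and {@code args[1]} the keytab path. With no arguments the original hard-coded values apply.
   *
   * @param args optional {@code [principal, keytabPath]}
   */
  public static void main (String args[]) {
    // Service principal of HiveServer2; it is placed in the JDBC URL below.
    final String hivePrincipal = "hive/ambari2012.howard2012.local@HOWARD2012.LOCAL";
    // NOTE(review): a service keytab such as hive.service.keytab is normally readable only by
    // the service account on the cluster host. A client program is better run with its own
    // user principal and keytab than with a copy of the service keytab.
    final String loginPrincipal = args.length > 0 ? args[0] : hivePrincipal;
    final String keytabPath = args.length > 1 ? args[1] : "/etc/security/keytabs/hive.service.keytab";

    try {
      // Check the keytab up front: a missing or unreadable keytab otherwise surfaces only as the
      // generic "Unable to obtain password from user" LoginException, which hides the real cause.
      if (!java.nio.file.Files.isReadable(java.nio.file.Paths.get(keytabPath))) {
        System.err.println("Keytab not found or not readable by this user: " + keytabPath);
        return;
      }

      org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
      conf.set("hadoop.security.authentication", "Kerberos");
      UserGroupInformation.setConfiguration(conf);
      UserGroupInformation.loginUserFromKeytab(loginPrincipal, keytabPath);
      Class.forName("org.apache.hive.jdbc.HiveDriver");
      System.out.println("getting connection");
      // try-with-resources closes the connection even if a later statement throws.
      try (Connection con = DriverManager.getConnection("jdbc:hive2://ambari2012:10000/;principal=" + hivePrincipal)) {
        System.out.println("got connection");
      }
    }
    catch (Exception e) {
      // Top-level boundary of a diagnostic sample: print the full cause chain.
      e.printStackTrace();
    }
  }
}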

无论我传入哪个 keytab 文件,它总是报以下错误:

ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
java.io.IOException: Login failure for hive/ambari2012.howard2012.local@HOWARD2012.LOCAL from keytab /etc/security/keytabs/hive.service.keytab
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:921)
    at hive.connect.java.hive.connect.java.App.main(App.java:21)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

我认为它甚至没有尝试检查所提供的 keytab 是否正确。我应该如何确认它读取的是正确的 keytab 文件?另外,如果 keytab 文件不存在,它应该报告找不到 keytab 才对。

请告诉我是否必须把 keytab 和 krb 文件复制到我的本地机器上。


2 回答 2


我之前缺少 jar 文件,把所需的 jar 文件全部加上之后就可以了。这是完整的代码:

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;

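public class App {
    // Connection opened by main; left open in this sample, so any caller that reuses it is
    // responsible for closing it.
    private static Connection hiveConnection;

    /**
     * Obtains a Kerberos ticket with {@code kinit}, logs in from the keytab through Hadoop's
     * {@code UserGroupInformation}, and opens a HiveServer2 JDBC connection.
     *
     * <p>{@code principal}, {@code keytab} and the host in the JDBC URL are placeholders that
     * must be replaced with real values.
     *
     * @param args unused
     * @throws IOException if the keytab login fails
     * @throws SQLException declared for callers; JDBC failures are printed here
     */
    public static void  main(String [] args) throws IOException, SQLException {
        String principal="principal";
        String keytab="keytab";

        try {
            // Pass each argument separately instead of building one command string:
            // Runtime.exec(String) splits on whitespace, so a path or principal containing
            // spaces would be broken into extra kinit arguments.
            ProcessBuilder kinit = new ProcessBuilder("kinit", "-k", "-t", keytab, principal);
            // Forward kinit's output so its error text is visible and the child cannot block
            // on a full pipe.
            kinit.inheritIO();
            int exitCode = kinit.start().waitFor();
            if (exitCode != 0) {
                // Best effort, as in the original: report and continue to the keytab login.
                System.err.println("kinit exited with status " + exitCode);
            }
        } catch (InterruptedException exception) {
            System.out.println("wait for threw an exception - it was interrupted");
            exception.printStackTrace();
            // Restore the interrupt flag so code further up can observe it.
            Thread.currentThread().interrupt();
        } catch (IOException exception) {
            System.out.println("Exception in running kinit process") ;
            exception.printStackTrace();
        }

        System.out.println("Preparing Hive connection1");
        Configuration conf = new Configuration();
        // Lets JGSS take credentials from outside the current Subject (e.g. the ticket cache).
        System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
        conf.set("hadoop.security.authentication", "Kerberos");
        UserGroupInformation.setConfiguration(conf);
        UserGroupInformation.loginUserFromKeytab(principal, keytab);

        // Hive Connection
        try {
            Class.forName("org.apache.hive.jdbc.HiveDriver");
            if (hiveConnection == null) {
                hiveConnection = DriverManager.getConnection("jdbc:hive2://host:10000/;principal=principal;auth=kerberos;kerberosAuthType=fromSubject");
                System.out.println("Got Connection");
            }
        } catch (ClassNotFoundException e) {
            // Hive JDBC driver jar is not on the classpath.
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}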
于 2018-04-13T12:48:19.900 回答

我不认为你可以通过这种方式连接到一个 kerberized HIVE。
尝试使用 JAAS 配置文件(参见 https://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html ),并将以下 2 个属性添加到您的 JVM 中:

-Djavax.security.auth.useSubjectCredsOnly=False
-Djava.security.auth.login.config=jaas.conf

示例文件 jaas.conf:

// JAAS login configuration with two entries that carry identical Krb5LoginModule settings.
// Both log in non-interactively from a keytab: useKeyTab=true reads the keys from the keyTab
// file, useTicketCache=false ignores any existing ticket cache, and doNotPrompt=true makes the
// login fail instead of asking for a password when the keytab cannot be used.
// NOTE(review): the keytab path must exist and be readable by the OS user running the JVM.
// This sample points at the Hive service keytab; a client would normally use its own user
// principal and keytab instead -- confirm for your deployment.

// Entry looked up by the JDK's JGSS Kerberos mechanism when it initiates a security context.
com.sun.security.jgss.krb5.initiate
{ com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab      =true
  useTicketCache =false
  doNotPrompt    =true
  principal ="hive/ambari2012.howard2012.local@HOWARD2012.LOCAL"
  keyTab    ="/etc/security/keytabs/hive.service.keytab"
  debug     =false;
};

// Second entry named "Client" with the same settings; presumably for components that look up
// an entry by that name -- verify which ones in your stack actually need it.
Client
{ com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab      =true
  useTicketCache =false
  doNotPrompt    =true
  principal ="hive/ambari2012.howard2012.local@HOWARD2012.LOCAL"
  keyTab    ="/etc/security/keytabs/hive.service.keytab"
  debug     =false;
};
于 2018-04-10T12:59:13.977 回答