我正在尝试启用Spark thrift服务器并启用Kerberos身份验证。为此,我在conf/hive-site.xml
:
<configuration>
<!--
<property>
<name>hive.server2.transport.mode</name>
<value>http</value>
</property>
-->
<property>
<name>hive.server2.authentication</name>
<value>KERBEROS</value>
</property>
<property>
<name>hive.metastore.kerberos.principal</name>
<value>thrift/iman@EXAMPLE.COM</value>
</property>
<property>
<name>hive.server2.authentication.kerberos.principal</name>
<value>thrift/iman@EXAMPLE.COM</value>
</property>
<property>
<name>hive.server2.authentication.kerberos.keytab</name>
<value>/opt/nginx/iman.keytab</value>
<description>Keytab file for Spark Thrift server principal</description>
</property>
</configuration>
当我运行start-thriftserver.sh
脚本时,我在日志中收到以下错误:
18/02/19 18:16:57 ERROR ThriftCLIService: Error starting HiveServer2: could not start ThriftBinaryCLIService
javax.security.auth.login.LoginException: Kerberos principal should have 3 parts: spark
at org.apache.hive.service.auth.HiveAuthFactory.getAuthTransFactory(HiveAuthFactory.java:148)
at org.apache.hive.service.cli.thrift.ThriftBinaryCLIService.run(ThriftBinaryCLIService.java:58)
at java.lang.Thread.run(Thread.java:748)
18/02/19 18:16:57 INFO HiveServer2: Shutting down HiveServer2
说Kerberos的主要名称应该是3个部分,这很奇怪,因为它已经在XML配置中设置为thrift/iman@EXAMPLE.COM
。
另外,我尝试评论 hive.server2.authentication.kerberos.principal 属性以查看它是否有任何影响,事实上它确实会产生不同的错误&#34;没有指明主要人员#34;当我那样做的时候。
有谁知道问题是什么?任何帮助表示赞赏。
答案 0 :(得分:0)
您需要在core-site.xml
文件中添加以下内容:
<property>
<name>hadoop.security.authorization</name>
<value>true</value>
</property>
<property>
<name>hadoop.security.authentication</name>
<value>kerberos</value>
</property>