以下是以kerberos模式连接到配置单元的代码
import java.sql.*;
import org.apache.hadoop.security.UserGroupInformation;
public class hive2 {
public static void main (String args[]) {
try {
org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
conf.set("hadoop.security.authentication", "Kerberos");
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("hive/ambari2012.howard2012.local@HOWARD2012.LOCAL", "/etc/security/keytabs/hive.service.keytab");
Class.forName("org.apache.hive.jdbc.HiveDriver");
System.out.println("getting connection");
Connection con = DriverManager.getConnection("jdbc:hive2://ambari2012:10000/;principal=hive/ambari2012.howard2012.local@HOWARD2012.LOCAL");
System.out.println("got connection");
con.close();
}
catch (Exception e) {
e.printStackTrace();
}
}
}
问题无关紧要我传递了什么密钥表总是给出以下错误 -
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
java.io.IOException: Login failure for hive/ambari2012.howard2012.local@HOWARD2012.LOCAL from keytab /etc/security/keytabs/hive.service.keytab
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:921)
at hive.connect.java.hive.connect.java.App.main(App.java:21)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
我不认为它甚至试图检查是否给出了正确的密钥表。 我应该如何确保它读取正确的keytab文件,如果keytab文件不存在,它应该无法找到keytab
如果我必须在本地计算机中复制keytab,krb文件,请告诉我
答案 0 :(得分:0)
我认为你不能用这种方式连接到一个kerberized HIVE 尝试使用JAAS文件https://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html 并将以下2个属性添加到JVM:
-Djavax.security.auth.useSubjectCredsOnly=False
-Djava.security.auth.login.config=jaas.conf
示例文件jaas.conf:
com.sun.security.jgss.krb5.initiate
{ com.sun.security.auth.module.Krb5LoginModule required
useKeyTab =true
useTicketCache =false
doNotPrompt =true
principal ="hive/ambari2012.howard2012.local@HOWARD2012.LOCAL"
keyTab ="/etc/security/keytabs/hive.service.keytab"
debug =false;
};
Client
{ com.sun.security.auth.module.Krb5LoginModule required
useKeyTab =true
useTicketCache =false
doNotPrompt =true
principal ="hive/ambari2012.howard2012.local@HOWARD2012.LOCAL"
keyTab ="/etc/security/keytabs/hive.service.keytab"
debug =false;
};
答案 1 :(得分:0)
我缺少jar文件,所以如果你添加所有jar文件就可以了,这里是完整的代码
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
public class App {
private static Connection hiveConnection;
// get Hive Connection
public static void main(String [] args) throws IOException, SQLException {
String principal="principal";
String keytab="keytab";
Runtime rt = Runtime.getRuntime();
try{ Process p = rt.exec("kinit -k -t " + keytab + " " + principal);
p.waitFor(); }
catch(InterruptedException exception)
{
System.out.println("wait for threw an exception - it was interrupted");
exception.printStackTrace();
}
catch (IOException exception){
System.out.println("Exception in running kinit process") ;
exception.printStackTrace();
}
System.out.println("Preparing Hive connection1");
Configuration conf = new Configuration();
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
conf.set("hadoop.security.authentication", "Kerberos");
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(principal, keytab);
// Hive Connection
try {
Class.forName("org.apache.hive.jdbc.HiveDriver");
if(hiveConnection == null) {
hiveConnection = DriverManager.getConnection("jdbc:hive2://host:10000/;principal=principal;auth=kerberos;kerberosAuthType=fromSubject");
// return hiveConnection;
System.out.println("Got Connection");
} else {
//return hiveConnection;
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
// return null;
} catch (SQLException e) {
e.printStackTrace();
// return null;
}
}
}