-
30. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 14, 2016 5:22 PM (in response to rareddy)
Do I need to add the SPNEGO module and roles?
-
31. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 14, 2016 7:12 PM (in response to debashishsaha004)
No, the SPNEGO module is not needed.
-
32. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 15, 2016 4:45 AM (in response to rareddy)
I have not used SPNEGO. The security domain "host" remains as it was before. The data source security remains as "host".
Is there anything I need to add?
Can you please share your thoughts on solving this issue, like how you are thinking of solving this and how authentication will be done? Do we need to use an LDAP connection also?
-
33. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 15, 2016 1:32 PM (in response to debashishsaha004)
"host" needs to be in the "data source" configuration in the security-domain element, not in the Teiid transport.
-
34. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 15, 2016 1:44 PM (in response to rareddy)
Okay, then what value should I give in the transport subsystem:
<authentication security-domain="teiid-security">
OR
<authentication security-domain="host" type="GSS">
Should I make any changes in the transport subsystem as per the document?
-
35. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 15, 2016 1:56 PM (in response to debashishsaha004)
I do not know what you are asking. Show me your Hive data source configuration in the standalone-teiid.xml.
-
36. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 15, 2016 2:03 PM (in response to rareddy)
standalone.xml.zip 6.1 KB
-
37. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 15, 2016 5:50 PM (in response to debashishsaha004)
Apart from not knowing the right syntax for the Hive JDBC URL to participate in Kerberos, that looks right. So, the error message is the same? If yes, that points me to your krb5.conf file. Post it here, and make sure it is available in the directory mentioned. I am expecting to see a more verbose log than you posted before.
-
38. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 16, 2016 11:42 AM (in response to rareddy)
Yes, the error log is the same.
I think the .conf file is okay because I used it in another tool some while ago to check whether it's corrupted or not. But it's working fine.
There it's working properly.
The directory path is also correct.
-
39. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 16, 2016 2:32 PM (in response to rareddy)
rareddy, don't you think that the EAP server instance first has to authenticate itself to the Active Directory using proper credentials?
Only then can it use Kerberos to get a service ticket. Isn't it so? What is your thought on it?
-
40. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 16, 2016 3:06 PM (in response to debashishsaha004)
In your case what you have tried is not "delegation", just a "static" Kerberos login from Teiid --> Hive. But you are not giving any more information than the old log, even after several configuration changes. I am at a loss to help further without any new information. My tests with a similar configuration do not behave the same on a Teiid instance, and we know this scenario works, and provides a lot more debug information with the above configuration.
-
41. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 17, 2016 12:32 AM (in response to rareddy)
I don't even know what is going wrong.
I have shared the standalone file with you too. But yes, I am getting the same till now.
Can you please tell me one thing?
Do you think there is a need to use an LDAP context? If yes, how is it going to participate in the authentication process?
-
42. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 17, 2016 6:53 AM (in response to debashishsaha004)
An LDAP context exists if you configured your KDC server to use LDAP for authentication. That setup is beyond this thread and does not involve Teiid or WildFly; the same goes if you are using Active Directory.
Delete your server.log, then restart Teiid, re-run your test, and provide the whole server.log as an attachment.
-
43. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
debashishsaha004 Nov 17, 2016 7:43 AM (in response to rareddy)
I got the type of error log you want. I made changes in the logger to set it to ALL. Now I am getting this attached server log.
Server Log.txt.zip 10.2 KB
-
44. Re: Connect with Hive2 (0.12) which is kerberos authenticated.
rareddy Nov 17, 2016 8:19 AM (in response to debashishsaha004)
See this and try what they asked to make sure your keytab is correct: Keberose authenication issue - Hortonworks