Kerberos Driver Guide

Transwarp   Inceptor

jdbc:hive2://IP address:Port number/database;principal=hive/service@REALM;authentication=kerberos;kuser=principal;keytab=keytab   path

principal in the URL:

• The value of principal is composed of three parts: xxx/xxx@xxx.

• The value of service is not an IP address, but a computer name.

• The value of principal needs to meet the rules in the hive-site.xml file.

Spark

jdbc:hive2://IP address:Port number/database;principal=hive/service@REALM

Hive version: hive

Hive 2.X version: hive2.x

Hive 3.X version：final

Hive (single node)

jdbc:hive2://IP address:Port number/database;principal=hive/service@REALM

Apache   Impala

jdbc:impala://IP address:Port number/database;AuthMech=1;KrbHostFQDN=quickstart.cloudera;KrbServiceName=impala

Impala

FusionInsight   HD

jdbc:hive2://zkhost:Port number/,zkhost:Port number,zkhost:Port number/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/service@REALM

ZooKeeper

• You can confirm if ZooKeeper requires Kerberos authentication by checking the version of the ZooKeeper JAR package.

• Ensure that the used ZooKeeper JAR package is a built-in one in a database.

• Check the relevant configuration of ZooKeeper.

Hive   (ZooKeeper format; commonly used in clusters)

Phoenix

jdbc:phoenix:quorum:Port number/database:principal:keytabPath

Phoenix

• You are advised to include principal and keytab in the URL.

• Confirm whether ZooKeeper needs to be authenticated. If no authentication is required, set the zookeeper.sasl.client system parameter to false. If SASL authentication is required, ensure that the principal name is correct.

• If the value of hbase.zookeeper.quorum is a hostname, you need to configure the corresponding mapping in the hosts file.

HBase

jdbc:phoenix:quorum:Port number/database:principal:keytabPath

hbase.zip