Kerberos Driver Arrangement

Transwarp Inceptor

jdbc:hive2://IP address:Port number/database;principal=hive/service@REALM;authentication=kerberos;kuser=principal;keytab=keytab path

Transwarp Inceptor

principal in the URL:

1. The value of principal is composed of three parts: xxx/xxx@xxx.

2. The value of service is not an IP address, but a computer name.

3. The value of principal needs to meet the rules in the hive-site.xml file.

Spark

jdbc:hive2://IP address:Port number/database;principal=hive/service@REALM

Universal Hive version: hive

Hive 2.x version: hive2.x

Hive 3.x version: hive3.x

Hive (single node)

jdbc:hive2://IP address:Port number/database;principal=hive/service@REALM

Apache Impala

jdbc:impala://IP address:Port number/database;AuthMech=1;KrbHostFQDN=quickstart.cloudera;KrbServiceName=impala

Impala

Ensure that the use of both the KrbHostFQDN and KrbServiceName parameters (to replace principal) can pass authentication.

FusionInsight HD

jdbc:hive2://zkhost:Port number/,zkhost:Port number,zkhost:port number/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/service@REALM

ZooKeeper

1. Ensure that ZooKeeper requires Kerberos authentication by checking the version of the principal JAR package.

2. Ensure that the ZooKeeper JAR package used is a database built-in one.

3. Check the relevant configuration of ZooKeeper.

Hive (Zookeeper format, commonly used in clusters)

Phoenix

jdbc:phoenix:quorum:Port number/database:principal:keytabPath

Phoenix

1. It is best to include principal and keytab in the URL.

2. Specify whether ZooKeeper needs to be authenticated. If no authentication is required, set the zookeeper.sasl.client system parameter to falseIf SASL authentication is required, use the correct value of principal.

3. If the value of hbase.zookeeper.quorum is a hostname, configure the mapping in hosts.

HBase

jdbc:phoenix:quorum:Port number/database:principal:keytabPath

HBase