hortonworks-spark / spark-llap

Apache License 2.0

LLAP does not work when Hive LDAP authentication is enabled #187

Closed zhaoyim closed 6 years ago

zhaoyim commented 6 years ago

Hi Guys,

When we enable Hive LDAP authentication and enable LLAP, then use beeline (beeline -u jdbc:hive2://:10015 -n jinwh -p 123456 -e 'select id from jinwh.dangpf') to connect and run Spark SQL, the Hive LDAP authentication always fails.

But if I change the user jinwh's LDAP password to "password", it works well. But this is not a good use case for LDAP user authentication.

Also, I checked the spark-llap 1.6 code and saw that the code that gets the JDBC connector has a hard-coded "password". Could anyone help confirm whether LLAP supports enabling Hive LDAP? Thanks in advance!

```scala
def getConnector(
    userProvidedDriverClass: Option[String],
    url: String,
    userName: String): Connection = {
  val subprotocol = new URI(url.stripPrefix("jdbc:")).getScheme
  val driverClass: Class[Driver] = getDriverClass(subprotocol, userProvidedDriverClass)
  registerDriver(driverClass.getCanonicalName)
  DriverManager.getConnection(url, userName, "password")
}
```

jdere commented 6 years ago

Does adding the username/password to the JDBC URL work? For example jdbc:hive2://hostname:10015/;username=user;password=pwd.

zhaoyim commented 6 years ago

Thanks for the response! After adding the username/password to the JDBC URL, it still does NOT work. Let me describe more details: by enabling Hive LDAP authentication, I mean enabling the hive-interactive server LDAP authentication. If we disable the hive-interactive LDAP authentication, it works well. But then the hive-interactive server 10500 does not have authentication, which is a risk. It seems the LDAP authentication did not pass the password to the hive-interactive server. Could you tell me more details about the hard-coded password when getting the JDBC connection (DriverManager.getConnection(url, userName, "password"))? Thanks a lot!

jdere commented 6 years ago

Yeah, the password really should have been removed here; in the Kerberos case it is not necessary. I suppose there could be an optional config here to add the password if it is specified via config, though this would need to be tested, and admittedly we have not tested the LDAP auth case; the main case that has been tested has been with Kerberos.

If you are able to build spark-llap, you can try removing the password or making it configurable. It would have to be changed in a couple of places (the DriverManager.getConnection() call you mention, as well as in LlapRelation.buildScan(), where llap.if.pwd is being set) to see if that allows things to work.

If you are testing this via Spark ThriftServer, note that STS (running as hive) will probably have to connect to HiveServer2 as hive, and set hive.server2.proxy.user in the JDBC URL similar to what is done in the example in https://github.com/hortonworks-spark/spark-llap/wiki/5.-Configuration
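
An added example, not part of the thread or of spark-llap's code: one shape the "optional config" idea above could take, replacing the hard-coded "password" argument with standard JDBC connection properties that carry a password only when one is configured. The object name, the config key `example.hs2.password` and the `HS2_PASSWORD` environment variable are assumptions; as the thread notes, the LDAP case was untested, so this shows the code shape only.

```scala
import java.sql.{Connection, DriverManager}
import java.util.Properties

object ConfigurableConnector {
  // Hypothetical config key (an assumption, not a spark-llap setting).
  val PasswordKey = "example.hs2.password"

  /** Standard JDBC "user"/"password" properties. The password is set only
    * when one is configured, so a Kerberos-style setup sends none. */
  def connectionProperties(userName: String, conf: Map[String, String]): Properties = {
    val props = new Properties()
    props.setProperty("user", userName)
    conf.get(PasswordKey).filter(_.nonEmpty)
      .foreach(pwd => props.setProperty("password", pwd))
    props
  }

  /** Stands in for DriverManager.getConnection(url, userName, "password").
    * Driver registration from the original getConnector is omitted here. */
  def getConnector(url: String, userName: String, conf: Map[String, String]): Connection =
    DriverManager.getConnection(url, connectionProperties(userName, conf))

  def main(args: Array[String]): Unit = {
    // Constructed sample: no password configured.
    val noPwd = connectionProperties("hive", Map.empty)
    // Constructed sample: password read from the environment rather than
    // the source code or the command line (HS2_PASSWORD is hypothetical).
    val conf = sys.env.get("HS2_PASSWORD").map(p => PasswordKey -> p).toList.toMap
    val maybePwd = connectionProperties("jinwh", conf)
    // Report only whether a password is present, never its value.
    println(s"hive: password set = ${noPwd.containsKey("password")}")
    println(s"jinwh: password set = ${maybePwd.containsKey("password")}")
  }
}
```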

dongjoon-hyun commented 6 years ago

I'll close this because it seems to be resolved.