This is documentation for MapR Version 5.0. You can also refer to MapR documentation for the latest release.

Skip to end of metadata
Go to start of metadata

The method that HiveServer2 clients use to connect to HiveServer2  is based on the HiveServer2 Authentication method and the type of client:

Using ODBC to Connect to HiveServer2

For details on how to install and use ODBC to connect to Hive, see Hive ODBC Connector

Icon
The client must have a Kerberos ticket. See Example: Generating a Kerberos Ticket 

Using JDBC or Beeline to Connect to HiveServer2

HiveServer2 AuthenticationConnection Requirements
No Authentication

Connection String:
jdbc:hive2://<hostname>:10000/default

For encryption, JDBC requires a truststore and an optional truststore password.

  • Connection String with Encryption:
    jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;sslTrustStorePassword=<password>
  • Connection String with Encryption (truststore passed in JVM arguments):
    jdbc:hive2://<host>:<port>/<database>;ssl=true

    Icon
    Prior to connecting to an application that uses JDBC,such as Beeline, you can run the following command to pass the truststore parameters as java arguments:
    e
    xport HADOOP_OPTS="-Djavax.net.ssl.trustStore=<path-to-trust-store-file> -Djavax.net.ssl.trustStorePassword=<password>"
MapR-SASL

Connection String:
jdbc:hive2://<hostname>:10000/default;auth=maprsasl

Connection String with Encryption (Hive 0.13 version):
jdbc:hive2://<hostname>:10000/default;auth=maprsasl;sasl.qop=auth-conf

Connection String with Encryption (Hive 1.0 version and above):
jdbc:hive2://<hostname>:10000/default;auth=maprsasl;saslQop=auth-conf

Connection for Java Application:
Use the -D flag to append the JVM argument: -Dhadoop.login=maprsasl

PAM

Connection String:
jdbc:hive2://hs2node:10000/default;user=<userid>;password=<password>

Kerberos

Connection String:
jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>

Connection String with Encryption (Hive 0.13 version):
jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>;sasl.qop=auth-conf

Connection String with Encryption (Hive 1.0 version and above):
jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>;saslQop=auth-conf

Connection for Java Application:
Use the -D flag to append the JVM argument: -Dhadoop.login=hybrid

Icon
The client nodes must also have a Kerberos ticket and be configured to connect to HiveServer to using Kerberos. See Example: Generating a Kerberos Ticket  and Authentication for HiveServer2.
LDAPConnection String:
jdbc:hive2://hs2node:10000/default;user=<userid>;password=<password>

Examples

Example: Using Beeline with Kerberos

Beeline must pass the Kerberos principal for HiveServer2 in the JDBC connection string. The connection strings you pass to Beeline must use the principal name that you configured for HiveServer2.

Icon
Ignore the prompts for the username and password.

See below for a sample Beeline authentication with Kerberos: 

Example: Using Beeline with Encryption but no Authentication

Example: Using Beeline with Encryption but no Authentication (truststore parameters passed as JVM arguments)


Example: Using Beeline with PAM Authentication 

 

Example: Generating a Kerberos Ticket

You use the kinit utility to generate the ticket and then use klist to verify that a ticket exists.

  • No labels