使用工具连接 hive 时,报如下错误:
The specified database user/password combination is rejected: [ 08S01] Could not open client transport with JDBC Uri: jdbc:hive2://singlenode:10000/;principal=hive/singlenode@EXAMPLE.COM: GSS initiate failed org.apache.thrift.transport.TTransportException: GSS initiate failed
确保添加了如下参数:
-Djava.security.krb5.conf="C:\ProgramData\MIT\Kerberos5\krb5.ini" -Djava.security.auth.login.config="C:\ProgramData\MIT\Kerberos5\yhf.conf" -Djavax.security.auth.useSubjectCredsonly=false
其中 yhf.conf:
com.sun.security.jgss.initiate{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=false
keyTab="C:\ProgramData\MIT\Kerberos5\yhf.keytab"
principal="yhf@EXAMPLE.COM";
};
导出 keytab 文件至 yhf.conf 中 keyTab 指定路径:
kadmin.local -q"xst -norandkey -k /home/yhf/yhf.keytab yhf"
修改客户端的 krb5.ini 文件:
例如:C:ProgramDataMITKerberos5krb5.ini
[libdefaults] dns_lookup_realm = false ticket_lifetime = 24h forwardable = true rdns = false default_realm = EXAMPLE.COM udp_preference_limit = 1 # 添加这一项
重新测试链接显示成功!
