Security Forum

HDP Advanced Security – hive connector

  • #57600
    Krzysztof Adamski
    Participant

    I am struggling to make advanced security work with hive. I wonder if there is a mistake in the documentation.
    Point 4.2.3.2 Configure Hive

    Property name: hive.security.authorization.manager change from org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider to org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider

    Looks exactly the same. Which authorization provider should be chosen here?

  • #57658
    Don Bosco Durai
    Moderator

    Apologies for the typo. We will fix the document.

    Here is the value you need to use:

    com.xasecure.authorization.hive.authorizer.XaSecureAuthorizer

    If you are copy/pasting values from the PDF document, then make sure there are no spaces between words (e.g. with a class path)

    #57704
    Krzysztof Adamski
    Participant

    Thanks. The agent is now connected.
    However I get an error when starting hive. Any ideas?

    [EL Warning]: metadata: 2014-07-23 11:44:09.354–ServerSession(2076218862)–Class [com.xasecure.audit.entity.XXBaseAuditEvent] specifies discriminatorType=INTEGER and uses [XXBaseAuditEvent] as the discriminatorValue. That value cannot be converted to an integer. We will attempt to use this value in String format.
    FAILED: RuntimeException org.apache.hadoop.hive.ql.metadata.HiveException: java.lang.ClassCastException: com.xasecure.authorization.hive.authorizer.XaSecureAuthorizer cannot be cast to org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider

    #58133
    Don Bosco Durai
    Moderator

    Can you check your hive.server2.custom.authentication.class property in Ambari? It should be com.xasecure.authentication.hive.LoginNameAuthenticator

    #58144
    Krzysztof Adamski
    Participant

    Yes. The value for this property is set as expected.
    Nevertheless, we are now struggling to make Kerberos work, and since it is really difficult for a beginner to debug this Advanced Security (connection problem error, any details?), we will rather go with standard ACLs in HDFS and roles in Hive.

    We will get back to this tool in future.

    Logging initialized using configuration in file:/etc/hive/conf.dist/hive-log4j.properties
    hive> show databases;
    [EL Warning]: metadata: 2014-07-31 07:16:02.298–ServerSession(256152745)–Class [com.xasecure.audit.entity.XXBaseAuditEvent] specifies discriminatorType=INTEGER and uses [XXBaseAuditEvent] as the discriminatorValue. That value cannot be converted to an integer. We will attempt to use this value in String format.
    OK
    default
    Time taken: 3.391 seconds, Fetched: 1 row(s)
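
Added example (not part of the original thread, and not Hortonworks or XA Secure code): a small check of a hive-site.xml document for the two properties named in the replies above, catching whitespace pasted into a class name and the authorizer class placed on some other property. The sample XML is constructed; `hive.security.authenticator.manager` appears in it only as an illustrative misplacement and is not identified in the thread as the cause of the ClassCastException.

```python
import xml.etree.ElementTree as ET

# Property names and class names exactly as given in the thread.
EXPECTED = {
    "hive.security.authorization.manager":
        "com.xasecure.authorization.hive.authorizer.XaSecureAuthorizer",
    "hive.server2.custom.authentication.class":
        "com.xasecure.authentication.hive.LoginNameAuthenticator",
}
AUTHORIZER = EXPECTED["hive.security.authorization.manager"]

# Constructed sample, not taken from the thread: a space pasted into one class
# name, and the authorizer class placed on an authenticator property.
SAMPLE = """<configuration>
  <property><name>hive.security.authorization.manager</name>
    <value>com.xasecure.authorization.hive. authorizer.XaSecureAuthorizer</value></property>
  <property><name>hive.server2.custom.authentication.class</name>
    <value>com.xasecure.authentication.hive.LoginNameAuthenticator</value></property>
  <property><name>hive.security.authenticator.manager</name>
    <value>com.xasecure.authorization.hive.authorizer.XaSecureAuthorizer</value></property>
</configuration>"""


def check_hive_site(xml_text):
    """Return (property, problem) findings for a hive-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        props[name] = prop.findtext("value") or ""
    findings = []
    for name, value in props.items():
        compact = "".join(value.split())  # value with all whitespace removed
        if name in EXPECTED:
            if compact == EXPECTED[name] and compact != value:
                findings.append((name, "whitespace inside class name"))
            elif value != EXPECTED[name]:
                findings.append((name, "unexpected value"))
        elif compact == AUTHORIZER:
            # Only the authorization manager property should carry this class.
            findings.append((name, "authorizer class on another property"))
    findings += [(n, "property missing") for n in EXPECTED if n not in props]
    return findings


if __name__ == "__main__":
    for name, problem in check_hive_site(SAMPLE):
        print(f"{name}: {problem}")
```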
