AnsweredAssumed Answered

Security-related config in "soft" Hiveserver2

Question asked by rbukarev on Mar 1, 2018
Latest reply on Mar 18, 2018 by Harikrishnan Cheneperth Kunhumveettil

So I've got MapR 6, and I'm trying to run a Spark application which registers a temporary table in HiveContext, and starts its own Hiveserver2:

.config("spark.sql.hive.thriftServer.singleSession","true")
.config("spark.sql.autoBroadcastJoinThreshold","100000000")
.config("hive.server2.thrift.port","10022")
.config("hive.server2.authentication", "MAPRSASL")
.config("hive.server2.thrift.bind.host","myhost_fqdn")

 

It worked fine in an unsecured Hortonworks cluster (there was no a line with authentication mode, of course). Now I'm trying to run it in MapR, and get the following error message in beeline:

beeline> !connect jdbc:hive2://myhost_fqdn:10022/default;auth=maprsasl
Connecting to jdbc:hive2://myhost_fqdn:10022/default;auth=maprsasl
18/03/02 04:29:24 [main]: WARN jdbc.HiveConnection: Failed to connect to myhost_fqdn:10022
Unknown HS2 problem when communicating with Thrift server.
Error: Could not open client transport with JDBC Uri: jdbc:hive2://myhost_fqdn: 10022/default;auth=maprsasl: Peer indicated failure: Bad server key (state=08S01,code=0)

 

At the same time this is what I see in the application log:

javax.security.sasl.SaslException: Bad server key [Caused by javax.security.sasl.SaslException: Error while trying to decrypt ticket: 2]
at com.mapr.security.maprsasl.MaprSaslServer.evaluateResponse(MaprSaslServer.java:190)
at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)

 

Do I need to provide some extra parameter to that "soft" hiveserver2 instance? What would that be?

Outcomes