Examples
Example: Using Beeline with Kerberos
Beeline must pass the Kerberos principal for HiveServer2 in the JDBC connection string. The connection strings you pass to Beeline must use the principal name that you configured for HiveServer2.
NOTE:
Ignore the prompts for the username
and password.
See below for a sample Beeline authentication with Kerberos:
Beeline version 0.11-mapr by Apache Hive
beeline> !connect jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>
scan complete in 3ms
Connecting to jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>
Enter username for jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>:
Enter password for jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>:
Connected to: Hive (version 0.11-mapr)
Driver: Hive (version 0.11-mapr)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://<hostname>:10000/def> show tables;
+-----------+
| tab_name |
+-----------+
| hcatkv |
| kv |
+-----------+
2 rows selected (1.348 seconds)Example: Using Beeline with Encryption but no Authentication
$ beeline
Beeline version 0.11-mapr by Apache Hive
beeline> !connect jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp
scan complete in 4ms
Connecting to jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp
Enter username for jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp: qa-user1
Enter password for jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp: ****
Connected to: Hive (version 0.11-mapr)
Driver: Hive (version 0.11-mapr)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://127.0.0.1:10000/default> show tables;
+-------------------+
| tab_name |
+-------------------+
| table1 |
| table2 |
+-------------------+Example: Using Beeline with Encryption but no Authentication (truststore parameters passed as JVM arguments)
$ beeline
Beeline version 0.11-mapr by Apache Hive
beeline> !connect jdbc:hive2://127.0.0.1:1000/default;ssl=true
scan complete in 4ms
Connecting to jdbc:hive2://127.0.0.1:10000/default;ssl=true
Enter username for jdbc:hive2://127.0.0.1:10000/default;ssl=true: qa-user1
Enter password for jdbc:hive2://127.0.0.1:10000/default;ssl=true: ****
Connected to: Hive (version 0.11-mapr)
Driver: Hive (version 0.11-mapr)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://127.0.0.1:10000/default> show tables;
+-------------------+
| tab_name |
+-------------------+
| table1 |
| table2 |
+-------------------+Example: Using Beeline with PAM Authentication
~$ beeline
Beeline version 0.11-mapr by Apache Hive
beeline> !connect jdbc:hive2://<HiveServer2Host>:<port>/default
scan complete in 4ms
Connecting to jdbc:hive2://<HiveServer2Host>:<port>/default
Enter username for jdbc:hive2://<HiveServer2Host>:<port>/default: mapr
Enter password for jdbc:hive2://<HiveServer2Host>:<port>/default: *******
Hive history file=/tmp/mapr/hive_job_log_97d1cf06-bbf5-4abf-9bbb-d9ce56667fdf_941674138.txt
Connected to: Hive (version 0.11-mapr)
Driver: Hive (version 0.11-mapr)
Transaction isolation: TRANSACTION_REPEATABLE_READExample: Generating a Kerberos Ticket
You use the
kinit utility to generate the ticket and then
use klist to verify that a ticket
exists.
# kinit username/<FQDN@REALM>
# klist
Credentials cache: API:501:9
Principal: username/<FQDN@REALM>
Cache version: 0
Server: krbtgt/<FQDN@REALM>
Client: username/<FQDN@REALM>
Ticket etype: aes128-cts-hmac-sha1-96
Ticket length: 256
Auth time: Jun 11 10:01:48 2014
End time: Jun 12 18:01:34 2014
Renew till: Jun 18 10:01:48 2014
Ticket flags: pre-authent, initial, renewable, forwardable
Addresses: addressless