$ beeline -u jdbc:hive2:\/\/{hostname}:{port}\/{database}<\/code><\/strong>
\n\u5176\u4e2d\u914d\u7f6e\u4e86 hosts \u6587\u4ef6\u91cc\u9762\u7684 hostname \u548c ip \u7684\u5bf9\u5e94\u5173\u7cfb\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 hostname \u8fde\u63a5\uff1b
\n\u5982\u4e0b\u793a\u4f8b\u4e3a\u8fde\u63a5 hostname \u4e3a tdh-01\uff08ip \u4e3a172.22.23.1\uff09 \u7684 inceptor \u7684 default \u6570\u636e\u5e93<\/p>\n$ beeline -u jdbc:hive2:\/\/tdh-01:10000\/default\n$ beeline -u jdbc:hive2:\/\/172.22.23.1:10000\/default<\/code><\/pre>\n2. \u5f00\u542fLDAP\u8ba4\u8bc1\u6a21\u5f0f<\/h4>\n
\u547d\u4ee4\u683c\u5f0f\uff1a$ beeline -u jdbc:hive2:\/\/{hostname}:{port}\/{database} -n {user} -p {password}<\/code><\/strong><\/p>\n\u5982\u4e0b\u793a\u4f8b\u4e3a\u4f7f\u7528 lkw \u7528\u6237\u3001\u5bc6\u7801 123456\uff0c\u8fde\u63a5 hostname \u4e3a tdh-01\uff08ip \u4e3a172.22.23.1\uff09 \u7684 inceptor \u7684 default \u6570\u636e\u5e93<\/p>\n
$ beeline -u jdbc:hive2:\/\/172.22.23.1:10000\/default -n lkw -p 123456<\/code><\/pre>\n\n\u6ce8\u610f\uff1a-n {user} \u4e2d\u95f4\u8981\u52a0\u7a7a\u683c\uff0c\u5426\u5219\u670d\u52a1\u7aef\u4f1a\u8bef\u8ba4\u4e3a\u4f7f\u7528\u533f\u540d\u7528\u6237anonymous\u8fde\u63a5\uff0c\u800cAPACHEDS\u4e2d\u662f\u6ca1\u6709\u8fd9\u4e2a\u79df\u6237\u7684\uff08\u533a\u522b\u4e8eHIVE\uff09\uff0c\u7ee7\u800c\u62a5\u9519:
\nError: java.sql.SQLException: Could not open connection to jdbc:hive2:\/\/172.22.23.1:10000: Peer indicated failure: PLAIN auth failed: javax.security.sasl.AuthenticationException: Error validating LDAP user [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 – INVALID_CREDENTIALS: Bind failed: Attempt to lookup non-existant entry: uid=anonymous,ou=System,ou=People,dc=tdh]] (state=,code=0)<\/p>\n<\/blockquote>\n
3. \u53ea\u5f00\u542fkerberos\u8ba4\u8bc1\u6a21\u5f0f<\/h4>\n\n- \u8be5\u6a21\u5f0f\u4e0b\u6709\u4e09\u79cd\u65b9\u5f0f\u53ef\u4ee5\u767b\u5f55<\/strong><\/li>\n<\/ul>\n
3.1 \u4f7f\u7528kinit\u767b\u5f55\u7528\u6237<\/h5>\n# kinit lkw\n# \u8fd9\u91cc\u7684principal\u6307SPNs\uff0c\u56fa\u5b9a\u5199\u6cd5\uff0c\u5fc5\u987b\u662fhive\/{inceptor-server-hostname}@{realm}\u7684\u683c\u5f0f\uff0c\u548c\u524d\u9762kinit\u7684\u7528\u6237principal\u6ca1\u5173\u7cfb\n# beeline -u \"jdbc:hive2:\/\/172.22.23.1:10000\/default;principal=hive\/node01@TDH\"\n\n# \u6ce8\u610f\uff1a\u5728\u7aef\u53e3\u540e\u9762 \u8bf7\u52a1\u5fc5\u52a0\u4e0a\/<\/code>\uff0c\u5426\u5219\u62a5\u9519\uff1a\nError: Could not establish connection to null:\n Connect jdbc:hive2:\/\/principal=hive:10000\/node01@TDH : org.apache.hive.jdbc.JdbcUriParseException: Bad URL format. Hostname not found in authority part of the url: principal=hive:10000. Are you missing a '\/' after the hostname ?\nConnect jdbc:hive2:\/\/172.22.23.1:10000\/node01@TDH : java.sql.SQLException: Could not open connection to jdbc:hive2:\/\/172.22.23.1:10000\/node01@TDH: Peer indicated failure: Unsupported mechanism type PLAIN (state=08S01,code=0)\nError: Could not establish connection to null:\n<\/code><\/pre>\n3.2 \u4f7f\u7528\u8fde\u63a5\u4e32\uff08keytab\uff09\u6307\u5b9a\u8fde\u63a5\u7684\u7528\u6237<\/h5>\n# beeline -u 'jdbc:hive2:\/\/172.22.23.1:10000\/default;principal=hive\/node01@TDH;kuser=lkw@TDH;keytab=\/root\/lkw.keytab;auth=kerberos;krb5conf=\/etc\/krb5.conf'<\/code><\/pre>\n3.3 \u4f7f\u7528\u8fde\u63a5\u4e32\uff08password\uff09\u6307\u5b9a\u8fde\u63a5\u7684\u7528\u6237<\/h5>\n# beeline -u 'jdbc:hive2:\/\/172.22.23.1:10000\/default;principal=hive\/node01@TDH;kuser=lkw@TDH;password=123456;auth=kerberos;krb5conf=\/etc\/krb5.conf'<\/code><\/pre>\n\u53c2\u6570\u8bf4\u660e\uff1a<\/strong><\/p>\n\n- principal=hive\/node01@TDH\uff0c \u662fSPN(service principal)\uff0c\u662fInceptor server\u670d\u52a1 \u7684servcie principal name\uff0c\u5fc5\u987b\u662fhive\/{inceptor-server-hostname}@{realm}\u7684\u683c\u5f0f\uff1b\u548c\u767b\u5f55\u7684\u7528\u6237\u6ca1\u6709\u5173\u7cfb\uff0c\u975e\u7528\u6237\u7684principal \uff01<\/font><\/li>\n
- \u53e6\u5916\uff0c\u5728\u5f00\u542finceptorgateway\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u4e0d\u540c\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u7684principal\u662f\u4e0d\u4e00\u81f4\u7684\uff0c\u6545\u800c\u5f53\u524djdbc\u53ea\u652f\u6301\u5982\u4e0b\u5199\u6cd5 "jdbc:hive2:\/\/node01:6666\/default;principal=hive\/node01@TDH;||node02:6666\/default;principal=hive\/node02@TDH;"<\/li>\n
- kuser=lkw@TDH\uff0c\u8fd9\u4e2a\u53c2\u6570\u624d\u771f\u6b63\u6307\u5b9a\u4e86\u8981\u767b\u5f55\u7684\u7528\u6237\uff0c\u8fd9\u91cc\u662flkw\u3002lkw\u767b\u5f55\u4f7f\u7528\u7684\u5bc6\u7801\u53ef\u4ee5\u4f7f\u7528keytab\u6307\u5b9a\uff0c\u6216\u8005\u4f7f\u7528password\u6307\u5b9a<\/li>\n
- keytab=\/root\/lkw.keytab \u6307\u5b9a\u4e86\u4f7f\u7528\/root\/lkw.keytab\u7684keytab\u767b\u5f55lkw\u7528\u6237<\/li>\n
- password=123456\uff1b\u6307\u5b9a\u4e86\u4f7f\u7528\u5bc6\u7801123456\u767b\u5f55lkw\u7528\u6237\uff0c\u53c2\u65703\u548c4\u4e8c\u9009\u4e00<\/li>\n
- auth=kerberos\uff1b\u6307\u5b9a\u4e86\u4f7f\u7528kerberos\u8ba4\u8bc1\u65b9\u5f0f\u8fde\u63a5inceptor\uff0c\u53ef\u9009\uff0c\u5982\u679cbeeline\u5ba2\u6237\u7aef\u53ef\u4ee5\u8bfb\u53d6core-site.xml\u4e2d\u7684hadoop.security.authentication\u65f6\uff08\u9700\u8981\u8fdb\u4e00\u6b65\u786e\u8ba4\u5177\u4f53\u54ea\u4e2a\u53c2\u6570\uff09\uff0c\u53ef\u4ee5\u4e0d\u6307\u5b9a<\/li>\n
- krb5conf=\/etc\/krb5.conf\uff1b\u6307\u5b9akdc\u914d\u7f6e\u6587\u4ef6\uff0c\u53ef\u9009\uff0c\u5982\u679c\u4f7f\u7528\u9ed8\u8ba4\u7684\/etc\/krb5.conf\u914d\u7f6e\uff0c\u53ef\u4ee5\u4e0d\u6307\u5b9a<\/li>\n<\/ul>\n
4. \u540c\u65f6\u5f00\u542fKerberos\u548cLDAP\u8ba4\u8bc1\u6a21\u5f0f<\/h4>\n
\u5efa\u8bae\u4f7f\u7528LDAP\u65b9\u5f0f\u8ba4\u8bc1\uff0c<\/p>\n
\n\u4e0d\u8fc7\u4ece Patch-argodb6.0-tdh9.3-x86&arm-202512291112.tar.gz \uff08WARP-137874\uff09\u5f00\u59cb\uff0c\u652f\u6301 \u65e2\u53ef\u4ee5\u7528\u6237\u540d\u5bc6\u7801\u8fde\u63a5\uff0c\u4e5f\u53ef\u4ee5\u7528Principal\u767b\u5f55\u3002\u9700\u8981quark\u65b0\u589e\u81ea\u5b9a\u4e49\u53c2\u6570 hive.server2.multi.authentication.enabled<\/code>, \u503c\u4e3atrue\uff0c\u5f00\u542f\u8be5\u529f\u80fd\u3002<\/p>\n<\/blockquote>\n5. \u5f00\u542fLDAP\/KERBEROS\u8ba4\u8bc1\u7684\u60c5\u51b5\u4e0b\u7684ACCESS TOKEN\u6a21\u5f0f<\/h4>\n\n- \u9002\u7528\u4e8e5.2\u53ca\u66f4\u9ad8\u7248\u672c<\/strong><\/li>\n<\/ul>\n
# beeline -u \"jdbc:hive2:\/\/172.22.23.1:10000\/default;guardianToken=9KmW9lK27Mcqfh7o34BD-TDH\"<\/code><\/pre>\n\u5176\u4e2d guardianToken \u9700\u8981\u4ece guardian \u9875\u9762\u83b7\u53d6\uff1a
\n\u4f7f\u7528\u5bf9\u5e94\u7528\u6237\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\uff08\u6bd4\u5982\u8fd9\u91cc\u4f7f\u7528lkw\u7528\u6237\uff09\u767b\u5f55 guardian-server \uff0c\u7136\u540e\u70b9\u51fb\u7528\u6237\u4e0b\u62c9\u6846\u7684 Access Tokens \uff0c\u8fdb\u5165Access Tokens \u9875\u9762\uff0c\u70b9\u51fb\u6dfb\u52a0 Access Tokens \uff1b<\/p>\n
![\"file\"](\"\/wp-content\/uploads\/2019\/11\/image-1686728092082.png\")
<\/p>\n
\u5728 Access Tokens \u9875\u9762\u53ef\u4ee5\u8bbe\u7f6e\u7279\u5b9a\u7684\u5c5e\u6027\uff0c\u70b9\u51fb\u786e\u5b9a<\/p>\n
![\"file\"](\"\/wp-content\/uploads\/2019\/10\/image-1573715341914.png\")
<\/p>\n
\u751f\u6210\u8be5\u7528\u6237\u7684Access Tokens \uff0c\u7136\u540e\u4f7f\u7528\u8be5 Token \u5373\u53ef\u767b\u5f55\uff1b<\/p>\n
![\"file\"](\"\/wp-content\/uploads\/2019\/10\/image-1573715484988.png\")
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6982\u8981\u63cf\u8ff0 \u672c\u6587\u4e3b\u8981\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7 beeline \u5ba2\u6237\u7aef\u7684\u65b9\u5f0f\u8fde\u63a5 inceptor\u3002 \u8be6\u7ec6\u8bf4\u660e 1. \u65e0\u8ba4\u8bc1\u6a21 ..<\/p>\n