All Apps and Add-ons

Splunk DB Connect App - kerberos authentication issues

npassmore101mod
New Member

I have installed DB Connect App 3.1.3 successfully, and connecting to a Hortonworks HIVE environment, however had issues with the kerberos authentication.

My key issues are :-

The kerberos ticket has to be created manually and refreshed via kinit on a crontab, which isn't ideal had hoped the app would create and maintain the ticket ?

Ideally we would like the Splunk DB Connect App to use the “identity” username configured within the App, to make the connection to the Hive Store, rather than the OS user that the Splunk DB Connect App is running as. Is this possible ? Have tried but always connect to Hive as the "splunk" os user – hence implements Ranger Policies based on the “splunk” service account rather than the logged on user context.

Summay of implementation steps below

DB Connect Application user i.e. “splunk” runs the “kinit” command to create a new valid Kerberos authentication ticket. This ticket currently expires in 24 hours
The DB Connect Application uses “splunk” as its identity within the Application
A Database connection “HiveJDBC_Kerberos “ configured using JDBC URL (have tried All KrbAuthType” options. “jdbc:hive2://:10001;AuthMech=1;KrbRealm=;KrbHostFQDN=;KrbServiceName=hive;KrbAuthType=2;transportMode=http;httpPath=cliservice”
Connection saves, and validates.
Able to run a query i.e. | dbxquery connection=HiveJDBC_Kerberos query="SELECT * FROM "

However after 24 hours, the connection will fail with error “Error creating login context with ticket cache“ – this makes sense as we know to cached kerberos ticket will only last for 24 hours.

The documentation for configuring DB Connect with Microsoft SQL Server Kerberos was used as a template, modified to reflect
HortonWorks > Hive JDBC connectivity.

0 Karma

kc64645
Explorer

Hi, Were you able to resolve this? I am stuck on similar kerberos authentication issue while setting up connection with Splunk DB connect. 

0 Karma

sebdon81
Engager

@kc64645 wrote:

Hi, Were you able to resolve this? I am stuck on similar kerberos authentication issue while setting up connection with Splunk DB connect. 


Hello, unfortunately  have not got any answers for now.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...