All Apps and Add-ons

Splunk DB Connect App - kerberos authentication issues

New Member

I have installed DB Connect App 3.1.3 successfully, and connecting to a Hortonworks HIVE environment, however had issues with the kerberos authentication.

My key issues are :-

The kerberos ticket has to be created manually and refreshed via kinit on a crontab, which isn't ideal had hoped the app would create and maintain the ticket ?

Ideally we would like the Splunk DB Connect App to use the “identity” username configured within the App, to make the connection to the Hive Store, rather than the OS user that the Splunk DB Connect App is running as. Is this possible ? Have tried but always connect to Hive as the "splunk" os user – hence implements Ranger Policies based on the “splunk” service account rather than the logged on user context.

Summay of implementation steps below

DB Connect Application user i.e. “splunk” runs the “kinit” command to create a new valid Kerberos authentication ticket. This ticket currently expires in 24 hours
The DB Connect Application uses “splunk” as its identity within the Application
A Database connection “HiveJDBCKerberos “ configured using JDBC URL (have tried All KrbAuthType” options. “jdbc:hive2://:10001;AuthMech=1;KrbRealm=;KrbHostFQDN=;KrbServiceName=hive;KrbAuthType=2;transportMode=http;httpPath=cliservice”
Connection saves, and validates.
Able to run a query i.e. | dbxquery connection=HiveJDBC
Kerberos query="SELECT * FROM "

However after 24 hours, the connection will fail with error “Error creating login context with ticket cache“ – this makes sense as we know to cached kerberos ticket will only last for 24 hours.

The documentation for configuring DB Connect with Microsoft SQL Server Kerberos was used as a template, modified to reflect
HortonWorks > Hive JDBC connectivity.

0 Karma