All Apps and Add-ons

Splunk DB Connect App - kerberos authentication issues

npassmore101mod
New Member

I have installed DB Connect App 3.1.3 successfully, and connecting to a Hortonworks HIVE environment, however had issues with the kerberos authentication.

My key issues are :-

The kerberos ticket has to be created manually and refreshed via kinit on a crontab, which isn't ideal had hoped the app would create and maintain the ticket ?

Ideally we would like the Splunk DB Connect App to use the “identity” username configured within the App, to make the connection to the Hive Store, rather than the OS user that the Splunk DB Connect App is running as. Is this possible ? Have tried but always connect to Hive as the "splunk" os user – hence implements Ranger Policies based on the “splunk” service account rather than the logged on user context.

Summay of implementation steps below

DB Connect Application user i.e. “splunk” runs the “kinit” command to create a new valid Kerberos authentication ticket. This ticket currently expires in 24 hours
The DB Connect Application uses “splunk” as its identity within the Application
A Database connection “HiveJDBC_Kerberos “ configured using JDBC URL (have tried All KrbAuthType” options. “jdbc:hive2://:10001;AuthMech=1;KrbRealm=;KrbHostFQDN=;KrbServiceName=hive;KrbAuthType=2;transportMode=http;httpPath=cliservice”
Connection saves, and validates.
Able to run a query i.e. | dbxquery connection=HiveJDBC_Kerberos query="SELECT * FROM "

However after 24 hours, the connection will fail with error “Error creating login context with ticket cache“ – this makes sense as we know to cached kerberos ticket will only last for 24 hours.

The documentation for configuring DB Connect with Microsoft SQL Server Kerberos was used as a template, modified to reflect
HortonWorks > Hive JDBC connectivity.

0 Karma

kc64645
Explorer

Hi, Were you able to resolve this? I am stuck on similar kerberos authentication issue while setting up connection with Splunk DB connect. 

0 Karma
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...