Uncle's Experience Sharing (135): Enabling LDAP Authentication in Hive
阿新 • Published: 2022-05-20
hive-site.xml
1 Connect to LDAP or an AD domain
<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldap://test.com</value>
</property>
<property>
<name>hive.server2.authentication.ldap.Domain</name>
<value>test.com</value>
</property>
2 Run SQL as the login account rather than the account that started the Hive process
<property>
<name>hive.server2.enable.doAs</name>
<value>true</value>
</property>
3 Add the account to the admin role
<property>
<name>hive.users.in.admin.role</name>
<value>username</value>
</property>
4 Switch to SQL authorization
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory</value>
</property>
After making the changes above, restart the Hive server.
core-site.xml
1 Allow the account that started the Hive process to switch to the login account
<property>
<name>hadoop.proxyuser.hive.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.hive.groups</name>
<value>*</value>
</property>
After making the changes above, restart the NameNode.
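An added example, not part of the original post: a small Python audit of the hive-site.xml and core-site.xml settings shown above, flagging the ones that leave credentials or impersonation unprotected. The finding codes are hypothetical labels, the sample input is constructed from this page's values, and hive.server2.use.SSL is a HiveServer2 property that the post does not set.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this page's hive-site.xml and core-site.xml values, merged.
SAMPLE = """<configuration>
<property><name>hive.server2.authentication</name><value>LDAP</value></property>
<property><name>hive.server2.authentication.ldap.url</name><value>ldap://test.com</value></property>
<property><name>hive.server2.enable.doAs</name><value>true</value></property>
<property><name>hadoop.proxyuser.hive.hosts</name><value>*</value></property>
<property><name>hadoop.proxyuser.hive.groups</name><value>*</value></property>
</configuration>"""

def load_props(xml_text):
    """Parse Hadoop-style <configuration> XML into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(props, service_user="hive"):
    """Return (code, detail) findings for settings that widen exposure."""
    findings = []
    auth = props.get("hive.server2.authentication", "NONE").upper()
    if auth == "NONE":
        findings.append(("AUTH_NONE", "HiveServer2 does not verify passwords"))
    if auth == "LDAP":
        # The URL value may list several servers separated by spaces.
        for url in props.get("hive.server2.authentication.ldap.url", "").split():
            if not url.lower().startswith("ldaps://"):
                findings.append(("LDAP_NO_TLS", f"{url}: bind password reaches the directory unencrypted"))
        # LDAP logins hand HiveServer2 the plaintext password, so the JDBC leg needs TLS too.
        if props.get("hive.server2.use.SSL", "false").lower() != "true":
            findings.append(("HS2_NO_TLS", "client password crosses the network in cleartext"))
    # With doAs enabled, the proxyuser rules bound who the service account may impersonate.
    for scope in ("hosts", "groups"):
        key = f"hadoop.proxyuser.{service_user}.{scope}"
        if props.get(key, "").strip() == "*":
            findings.append(("PROXYUSER_WILDCARD", f"{key}=* places no limit on impersonation {scope}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(load_props(SAMPLE)):
        print(f"{code}: {detail}")
```

Run against the values on this page, it reports the plaintext LDAP URL, the missing TLS on the HiveServer2 listener, and both proxyuser wildcards.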
Client connection
First start beeline, then connect with the !connect command
# beeline
beeline> !connect jdbc:hive2://$server:10000
Connecting to jdbc:hive2://$server:10000
Enter username for jdbc:hive2://$server:10000: username
Enter password for jdbc:hive2://$server:10000: *********
Connected to: Apache Hive (version 2.3.8)
Driver: Hive JDBC (version 2.3.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://$server:10000> set role admin;
References:
https://cwiki.apache.org/confluence/display/hive/languagemanual+authorization
https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Authentication/SecurityConfiguration
https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization
https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.6.5/bk_data-access/content/ch02s05s02.html