Uncle's Experience Sharing (135): Enabling LDAP Authentication in Hive
hive-site.xml
1 Connect to LDAP or an AD domain
<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldap://test.com</value>
</property>
<property>
<name>hive.server2.authentication.ldap.Domain</name>
<value>test.com</value>
</property>
2 Run SQL as the logged-in account rather than the account that started the Hive process
<property>
<name>hive.server2.enable.doAs</name>
<value>true</value>
</property>
3 Add an account to the admin role
<property>
<name>hive.users.in.admin.role</name>
<value>username</value>
</property>
4 Switch to SQL-based authorization
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory</value>
</property>
After making the changes above, restart the Hive server.
core-site.xml
1 Allow the account that started the Hive process to switch to (impersonate) the logged-in account
<property>
<name>hadoop.proxyuser.hive.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.hive.groups</name>
<value>*</value>
</property>
After making the changes above, restart the NameNode.
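A review check for the two files above, as an added example that is not part of the original post: it parses the Hadoop-style property XML and flags the settings a reviewer would tighten before production. The function names `load_props` and `audit` are hypothetical, the sample XML is constructed from the values shown on this page, and `hive.server2.use.SSL` is a HiveServer2 property that the post does not set.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: properties from this page, wrapped in the
# <configuration> root element that Hadoop/Hive config files use.
HIVE_SITE = """<configuration>
<property><name>hive.server2.authentication</name><value>LDAP</value></property>
<property><name>hive.server2.authentication.ldap.url</name><value>ldap://test.com</value></property>
<property><name>hive.server2.enable.doAs</name><value>true</value></property>
</configuration>"""
CORE_SITE = """<configuration>
<property><name>hadoop.proxyuser.hive.hosts</name><value>*</value></property>
<property><name>hadoop.proxyuser.hive.groups</name><value>*</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} for every <property> in a Hadoop-style config."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}

def audit(hive_site, core_site, service_user="hive"):
    """Return (property, finding) pairs for settings worth reviewing."""
    hive, core = load_props(hive_site), load_props(core_site)
    findings = []
    auth = hive.get("hive.server2.authentication", "NONE").upper()
    if auth == "NONE":
        findings.append(("hive.server2.authentication", "no authentication configured"))
    if auth == "LDAP":
        # The URL property may hold a space-separated list of LDAP servers.
        for url in hive.get("hive.server2.authentication.ldap.url", "").split():
            if not url.lower().startswith("ldaps://"):
                findings.append(("hive.server2.authentication.ldap.url",
                                 f"{url}: bind password is not protected by TLS; use ldaps://"))
        if hive.get("hive.server2.use.SSL", "false").lower() != "true":
            findings.append(("hive.server2.use.SSL",
                             "clients send the LDAP password to HiveServer2 without TLS"))
    if hive.get("hive.server2.enable.doAs", "true").lower() == "true":
        # With doAs, HiveServer2 impersonates users, so proxyuser scope matters.
        for kind in ("hosts", "groups"):
            key = f"hadoop.proxyuser.{service_user}.{kind}"
            if core.get(key, "") == "*":
                findings.append((key, f"wildcard places no restriction on {kind}; list only what HiveServer2 needs"))
    return findings

if __name__ == "__main__":
    for prop, finding in audit(HIVE_SITE, CORE_SITE):
        print(f"{prop}: {finding}")
```
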
Client connection
Start beeline first, then connect with the !connect command.
# beeline
beeline> !connect jdbc:hive2://$server:10000
Connecting to jdbc:hive2://$server:10000
Enter username for jdbc:hive2://$server:10000: username
Enter password for jdbc:hive2://$server:10000: *********
Connected to: Apache Hive (version 2.3.8)
Driver: Hive JDBC (version 2.3.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://$server:10000> set role admin;
References:
https://cwiki.apache.org/confluence/display/hive/languagemanual+authorization
https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-Authentication/SecurityConfiguration
https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization
https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.6.5/bk_data-access/content/ch02s05s02.html