Advanced Connection Properties

When you are finished with your settings, click OK to save them and return to the Connect to Hive dialog box.

Aginity Hive Native

HiveServer2 Options

Option/Field Description
Authentication Select the authentication mechanism for HiveServer2. You can select from the following:
  • No Authorization - Do not attempt to authorize using the User ID and Password from the Connect to Hive dialog box.
  • Kerberos - Using the selected Thrift Transport, attempt to authenticate and authorize using Kerberos. If both the User ID and Password are blank in the Connect to Hive dialog box, use the currently logged-in Windows user. If they are populated, use those values. If you are going to be connecting using Kerberos using a user name and password other than the credentials used for your current computer login, the User ID must be in the form username@realm.

    Windows must be aware of the Kerberos ticketing server. If the KDC (Kerberos ticketing server) is not the Active Directory server used by the Windows workstation where Aginity Workbench is installed, you need to do the following to inform Windows of how to obtain a ticket for connecting to a Kerberized cluster:

    1. Open a Command Prompt window.
    2. At the command prompt, type the following:
      > ksetup /AddKdc <realm> <the host name or IP of Kerberos KDC>
      > ksetup /AddHostToRealmMap <host name of HiveServer2> <realm>
      > ksetup /setrealmflags <realm> ncsupported delegate TcpSupported RC4
      					
    3. Restart the computer for the setup to take effect.

    If the Metastore is on a different host, repeat the AddHostToRealmMap command above for that host.

  • User Name - Attempt to authorize using the User ID from the Connect to Have dialog box.
  • User Name and Password - Attempt to authorize using both the User ID and Password specified in the Connect to Hive dialog box.
Realm Specify the Kerberos Security Realm to use. This is only available if you selected Kerberos as the Thrift Transport mechanism.
Host FQDN Provide the host’s fully qualified domain name for HiveServer2. This is only available if you selected Kerberos as the Thrift Transport mechanism.
Service Name Enter the name of the requested service (the default is HIVE). This is only available if you selected Kerberos as the Thrift Transport mechanism.
Thrift Transport Select the Thrift transport mechanism. If you select Kerberos, you can select SASL or HTTP; for non-Kerberos options, you can select SASL, Binary, or HTTP.
HTTP Path If you selected HTTP as the Thrift Transport mechanism, provide the HTTP path.
Enable SSL Select this check box to configure a Secure Socket Layer (SSL) connection between Aginity Workbench and HiveServer2. Click SSL Options to specify the SSL settings:
  • Allow common name host name mismatch - Select this check box if the common name of an SSL certificate can mismatch the host name of the Hive server.
  • Allow self-signed or expired server certificates - Select to allow self-signed or expired certificates from the server.
  • Use two-way SSL - Select to configure two-way SSL verification and then specify the following:
    • Client certificate - Click and browse to the file that contains the client's certificate.
    • Private key file - Click and browse to the file that contains the private key.

      If the specified client's certificate contains a private key, you can leave the Private key file box blank.

    • Certificate/pk password - If the certificate or private key is password-protected, type the password in this box.

      Although the password is not shown or saved as plain text, it can be potentially copied and used by a malicious user.

Metastore Options

Optionally, if you are going to connect to the Metastore, set the following options.

Option/Field Description
Authentication Select the authentication mechanism. You can use either plain (clear text) or Kerberos. If you select Kerberos, the Simple Authentication and Security Layer (SASL) protocol will be used when connecting to Metastore. Additionally, the Realm, Host FQDN, and Service Name are required. To authenticate as the currently logged-in Windows user, remove both the User ID and Password from the Connect to Hive dialog box.
Realm Specify the Kerberos Security Realm to use.
Host FQDN Provide the host’s fully qualified domain name for HiveServer2.
Service Name Enter the name of the requested service (the default is HIVE).


Aginity Workbench for Hadoop * Topic last updated September 20, 2018