I am trying to start the Spark thrift server with Kerberos authentication enabled. To do so, I have these configurations in conf/hive-site.xml:
<configuration>
<!--
<property>
<name>hive.server2.transport.mode</name>
<value>http</value>
</property>
-->
<property>
<name>hive.server2.authentication</name>
<value>KERBEROS</value>
</property>
<property>
<name>hive.metastore.kerberos.principal</name>
<value>thrift/iman@EXAMPLE.COM</value>
</property>
<property>
<name>hive.server2.authentication.kerberos.principal</name>
<value>thrift/iman@EXAMPLE.COM</value>
</property>
<property>
<name>hive.server2.authentication.kerberos.keytab</name>
<value>/opt/nginx/iman.keytab</value>
<description>Keytab file for Spark Thrift server principal</description>
</property>
</configuration>
When I run the start-thriftserver.sh script, I get the following error in the logs:
18/02/19 18:16:57 ERROR ThriftCLIService: Error starting HiveServer2: could not start ThriftBinaryCLIService
javax.security.auth.login.LoginException: Kerberos principal should have 3 parts: spark
at org.apache.hive.service.auth.HiveAuthFactory.getAuthTransFactory(HiveAuthFactory.java:148)
at org.apache.hive.service.cli.thrift.ThriftBinaryCLIService.run(ThriftBinaryCLIService.java:58)
at java.lang.Thread.run(Thread.java:748)
18/02/19 18:16:57 INFO HiveServer2: Shutting down HiveServer2
Saying that the Kerberos principal name should be 3 parts, which is weird because it's already set as thrift/iman@EXAMPLE.COM in the XML configurations.
Also, I tried commenting out the hive.server2.authentication.kerberos.principal property to see whether it has any effect and as a matter of fact it does give a different error "No principal specified" when I do that.
Does anyone have an idea what the problem is? Any help is appreciated.
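
A pre-flight check for the configuration in this question, added here as an example and not part of the original post: it reads the active (non-commented) properties from hive-site.xml and tests each principal for the three-part shape the error message asks for. The function names are hypothetical, and splitting on "/" and "@" is an assumed rule for what "3 parts" means.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the hive-site.xml from the question, one property per line.
HIVE_SITE = """<configuration>
<!-- <property><name>hive.server2.transport.mode</name><value>http</value></property> -->
<property><name>hive.server2.authentication</name><value>KERBEROS</value></property>
<property><name>hive.metastore.kerberos.principal</name><value>thrift/iman@EXAMPLE.COM</value></property>
<property><name>hive.server2.authentication.kerberos.principal</name><value>thrift/iman@EXAMPLE.COM</value></property>
<property><name>hive.server2.authentication.kerberos.keytab</name><value>/opt/nginx/iman.keytab</value></property>
</configuration>"""

PRINCIPAL_KEYS = (
    "hive.metastore.kerberos.principal",
    "hive.server2.authentication.kerberos.principal",
)
KEYTAB_KEY = "hive.server2.authentication.kerberos.keytab"

def effective_properties(xml_text):
    """Return {name: value} for active <property> elements.
    ElementTree drops XML comments, so commented-out properties never appear."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def is_three_part(principal):
    """Assumed rule: split on '/' and '@' and require three non-empty parts."""
    parts = re.split(r"[/@]", principal)
    return len(parts) == 3 and all(parts)

def check(xml_text):
    """Return a list of findings; an empty list means the settings are well-formed."""
    props = effective_properties(xml_text)
    findings = []
    if props.get("hive.server2.authentication", "").upper() != "KERBEROS":
        findings.append("hive.server2.authentication is not KERBEROS")
    for key in PRINCIPAL_KEYS:
        value = props.get(key)
        if value is None:
            findings.append(f"{key}: not set")
        elif not is_three_part(value):
            findings.append(f"{key}: '{value}' is not primary/instance@REALM")
    if not props.get(KEYTAB_KEY):
        findings.append(f"{KEYTAB_KEY}: not set")
    return findings

if __name__ == "__main__":
    for line in check(HIVE_SITE) or ["hive-site.xml: Kerberos settings are well-formed"]:
        print(line)
    print("value named in the log, 'spark', has 3 parts:", is_three_part("spark"))
```

The configured principal passes this check while the value printed in the error, spark, does not, so the name the server rejected is not the one written in the file.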