Examples

Example: Using Beeline with Kerberos

Beeline must pass the Kerberos principal for HiveServer2 in the JDBC connection string. The connection strings you pass to Beeline must use the principal name that you configured for HiveServer2.

Note: Ignore the prompts for the username and password.

See below for a sample Beeline authentication with Kerberos:

Beeline version 0.11-mapr by Apache Hive
beeline> !connect jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>
scan complete in 3ms
Connecting to jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>
Enter username for jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>: 
Enter password for jdbc:hive2://<hostname>:10000/default;principal=mapr/<FQDN@REALM>: 
Connected to: Hive (version 0.11-mapr)
Driver: Hive (version 0.11-mapr)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://<hostname>:10000/def> show tables;
+-----------+
| tab_name  |
+-----------+
| hcatkv    |
| kv        |
+-----------+
2 rows selected (1.348 seconds)

Example: Using Beeline with Encryption but no Authentication

$ beeline
Beeline version 0.11-mapr by Apache Hive
beeline> !connect jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp
scan complete in 4ms
Connecting to jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp
Enter username for jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp: qa-user1
Enter password for jdbc:hive2://127.0.0.1:10000/default;ssl=true;sslTrustStore=truststore.jks;sslTrustStorePassword=tsp: ****    
Connected to: Hive (version 0.11-mapr)
Driver: Hive (version 0.11-mapr)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://127.0.0.1:10000/default> show tables;
+-------------------+
|     tab_name      |
+-------------------+
| table1            |
| table2            |
+-------------------+

Example: Using Beeline with Encryption but no Authentication (truststore parameters passed as JVM arguments)

$ beeline
Beeline version 0.11-mapr by Apache Hive
beeline> !connect jdbc:hive2://127.0.0.1:1000/default;ssl=true
scan complete in 4ms
Connecting to jdbc:hive2://127.0.0.1:10000/default;ssl=true
Enter username for jdbc:hive2://127.0.0.1:10000/default;ssl=true: qa-user1
Enter password for jdbc:hive2://127.0.0.1:10000/default;ssl=true: ****
Connected to: Hive (version 0.11-mapr)
Driver: Hive (version 0.11-mapr)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://127.0.0.1:10000/default> show tables;
+-------------------+
|     tab_name      |
+-------------------+
| table1            |
| table2            |
+-------------------+

Example: Using Beeline with PAM Authentication

~$ beeline 
Beeline version 0.11-mapr by Apache Hive 
beeline> !connect jdbc:hive2://<HiveServer2Host>:<port>/default 
scan complete in 4ms 
Connecting to jdbc:hive2://<HiveServer2Host>:<port>/default 
Enter username for jdbc:hive2://<HiveServer2Host>:<port>/default: mapr 
Enter password for jdbc:hive2://<HiveServer2Host>:<port>/default: ******* 
Hive history file=/tmp/mapr/hive_job_log_97d1cf06-bbf5-4abf-9bbb-d9ce56667fdf_941674138.txt 
Connected to: Hive (version 0.11-mapr) 
Driver: Hive (version 0.11-mapr) 
Transaction isolation: TRANSACTION_REPEATABLE_READ

Example: Generating a Kerberos Ticket

You use the kinit utility to generate the ticket and then use klist to verify that a ticket exists.

# kinit username/<FQDN@REALM>
# klist

Credentials cache: API:501:9
        Principal: username/<FQDN@REALM>
    Cache version: 0

Server: krbtgt/<FQDN@REALM>
Client: username/<FQDN@REALM>
Ticket etype: aes128-cts-hmac-sha1-96
Ticket length: 256
Auth time:  Jun 11 10:01:48 2014
End time:   Jun 12 18:01:34 2014
Renew till: Jun 18 10:01:48 2014
Ticket flags: pre-authent, initial, renewable, forwardable
Addresses: addressless