I am trying to connect to Hive with Kerberos authentication using beeline. I have initialized a ticket with
kinit -V --kdc-hostname=<HOSTNAME> -kt /etc/krb5.keytab <USER#REALM>
and I can see it is active when I run klist but when I try to connect to Hive, I get the well known error message:
SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
I changed the log4j level to debug, and found the following:
DEBUG HiveAuthFactory: Cannot find private method "getKeytab" in class:org.apache.hadoop.security.UserGroupInformation
and after this, beeline is trying to use my unix username to authenticate, which is obviously failing. So I think the problem is that beeline doesn't find my keytab file.
Most probably the problem is with beeline command.
Make sure you provide authentication parameter correctly and have double quotes around the connection string.
beeline -u "jdbc:hive2://HOSTNAME:10000/default;principal=hive/hostname#Example.com"
And also check your Kerberos principal if it has permission to access hive.
Related
I'm new to PostgreSQL. I just installed the Postgres.app on my Mac and wanted to use the psql command in the terminal. However, when I type psql in the terminal, I'm asked to input the password. I was never asked to set a password during installation so I'm confused what the password is. I've looked at other similar questions but none of them worked for my case.
$ psql
$ Password for user kaili:
$ psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed:
FATAL: password authentication failed for user "kaili"
Could anyone give me some hints on how to access the database as the user kaili? Thank you!
sorry if the question may be vague or not but I noticed that whenever I have tried to login to a ssh server it usually says "permission denied(publickey, password" or "permission denied(publickey, password,x, y)" where x and y are other strings but do these indicate what I could use to login to the server or are these the requirements needed to login to the server?
It only lists the list of attempted authentication methods that failed at the initiation of the connection.
As described in this article from Marko Aleksic
One reason for the error may be sshd_config, the file that contains SSH server configuration.
The other possibility is that the authorized_keys file has insufficient permissions
if you have access to the server, stop the sshd service, and restart it manually in debug mode:
sudo /usr/sbin/sshd -d
That way, you will see exactly what is attempted and why it fails.
I have been searching for this problem for so long, but I cant seem to get a positive result, I am new to pentesting and so I am doing some tasks on tryhackme for learning the basics of Linux and so when I try to connect to an ssh server :
ssh shiba1#10.8.150.23
The authenticity of host '10.8.150.23 (10.8.150.23)' can't be established.
ECDSA key fingerprint is
SHA256:5mSp6dwM2HeSewbWzIVJ2GV4bRUmbrdS0ZX8qMRPjfU.
Are you sure you want to continue connecting (yes/no /[fingerprint])? yes
Failed to add the host to the list of known hosts (/home/chota/.ssh/known_hosts).
shiba1#10.8.150.23's password:
Permission denied, please try again.
shiba1#10.8.150.23's password:
it gives me an authentication error(even though I am typing the correct password which is shiba1) btw this question is not a duplicate of ssh connection refused : tryhackme Learn Linux walkthrough
Any help would be appreciated
Btw, you can find the room at the following link:
https://tryhackme.com/room/zthlinux
it gives me an authentication error
Before that, it gives you an issue with /home/chota/.ssh/known_hosts.
I would start by checking the permissions of /home/chota/.ssh and known_hosts, to see why the ssh process is not able to modify that file.
Than I can check if the authentication error persists.
I have kerberized Hadoop Hortonworks cluster running. Beeline works fine.
But When I am launching hive it fails with the follwoing error:
Caused by: MetaException(message:Could not connect to meta store using any of the URIs provided. Most recent failure: org.apache.thrift.transport.TTransportException: GSS initiate failed
[root#hdpm1 ~]# su - hive
[hive#hdpm1 ~]$ hive
Before runing beeline you must get TGT using kinit
example for hive user using service keytab:
kinit -kt <path_to keystore> <principal_name>
kinit -kt /etc/security/keytabs/hive.service.keytab hive/<host>
From workstation (Windows) trying to execute
knife ssh 'name:*' 'sudo chef-client'
But it shows error message of
WARNING: Failed to connect to ******** – Net::SSH::AuthenticationFailed: Authentication failed for user ************
How do I solve this error?
Another question is how to execute 'sudo chef-client' on all nodes from workstation without using any passwords?
If you run knife ssh --help you'll get a list of available options. Try adding -VV for verbose output. That's usually helpful as it should tell you what user knife is trying to connect as.
My guess is you'll have to incorporate one or more of the ssh options (a few listed here):
-x, --ssh-user USERNAME
-i, --identity-file IDENTITY_FILE
-P, --ssh-password [PASSWORD] (will prompt if flag specified but no password is given)
The docs (https://docs.getchef.com/knife_ssh.html) also have some helpful examples
Your SSH authentication isn't working, fix that. Key-based authentication is something I'm sure you can look up on Google, but in general set your public key in .ssh/authorized_keys and setup your agent on your workstation.