Connecting to Secure Clusters with Kerberos Enabled

  1. Create a Kerberos directory on a local system.
  2. Copy hive.service.keytab from un0 node (HiveServe2 node) of the ODH cluster to the Kerberos directory, and then rename it to oac.keytab.
  3. Copy /etc/krb5.conf from un0 node of the ODH cluster to the Kerberos directory and rename it to krb5conf.
  4. Update admin_server and kdc information in krb5conf with the public IP of cluster's mn0 node instead of hostname.
  5. Create a file named service_details.json inside Kerberos directory. For example:
    
    {
     "Host" : "<Public IP of HiveServer2 node(un0)>",
     "Port" : "10000",
     "ServicePrincipalName" : "hive/<FQDN of HiveServer2 node(un0)>@<REALM_NAME>"
    }
  6. Create a zip for Kerberos directory. For example:
    $ ls -1 kerberos
    krb5conf
    oac.keytab
    service_details.json
     
    $ zip -r SSLKerberos.zip kerberos/*
  7. To create a connection for Kerberos enabled ODH Open the navigation menu and click Analytics & AI. Under Analytics, click Analytics Cloud..
  8. To connect to an Oracle Analytics Cloud instance, select the compartment in which you created the instance.

    If needed, create an instance. See Creating an OAC Instance.

  9. Click the instance name.
  10. Click Analytics Home Page.
  11. Click Create, and then select Connection.
  12. Select Apache Hive.
  13. Enter a name for the connection, and then enter the remaining details with the following specifics:
    • Authentication Type - Select Kerberos
    • Client Credentials - Select SSLKerberos.zip from the local system
    • Authentication - Select Always use these credentials
  14. Click Save.
  15. To verify the connection, go to the OAC home page and click Connect to Your Data.
  16. Click the connection you created.
    If successful, the hive database tables are listed.