[fix](doc) add essential property for hive catalog on Kerberosied hms (…

…#16781) property `hive.metastore.kerberos.principal` is essential when the principal of hms you are connecting is not the default value: hive-metastore/_HOST@your_realms。 otherwise, you will get error: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
apache · Feb 17, 2023 · fe4ef23 · fe4ef23
1 parent 1fc5023
commit fe4ef23
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/docs/en/docs/lakehouse/multi-catalog/hive.md b/docs/en/docs/lakehouse/multi-catalog/hive.md
@@ -85,6 +85,7 @@ CREATE CATALOG hive PROPERTIES (
     'hadoop.security.authentication' = 'kerberos',
     'hadoop.kerberos.keytab' = '/your-keytab-filepath/your.keytab',   
     'hadoop.kerberos.principal' = 'your-principal@YOUR.COM',
+    'hive.metastore.kerberos.principal' = 'your-hms-principal',
     'yarn.resourcemanager.address' = 'your-rm-address:your-rm-port',    
     'yarn.resourcemanager.principal' = 'your-rm-principal/your-rm-address@YOUR.COM'
 );
@@ -93,6 +94,8 @@ CREATE CATALOG hive PROPERTIES (
 Remember `krb5.conf` and `keytab` file should be placed at all `BE` nodes and `FE` nodes. The location of `keytab` file should be equal to the value of `hadoop.kerberos.keytab`.
 As default, `krb5.conf` should be placed at `/etc/krb5.conf`.
 
+Value of `hive.metastore.kerberos.principal` should be same with the same name property used by HMS you are connecting to, which can be found in `hive-site.xml`.
+
 To provide Hadoop KMS encrypted transmission information:
 
 ```sql

diff --git a/docs/zh-CN/docs/lakehouse/multi-catalog/hive.md b/docs/zh-CN/docs/lakehouse/multi-catalog/hive.md
@@ -83,12 +83,14 @@ CREATE CATALOG hive PROPERTIES (
     'hadoop.security.authentication' = 'kerberos',
     'hadoop.kerberos.keytab' = '/your-keytab-filepath/your.keytab',   
     'hadoop.kerberos.principal' = 'your-principal@YOUR.COM',
+    'hive.metastore.kerberos.principal' = 'your-hms-principal',
     'yarn.resourcemanager.address' = 'your-rm-address:your-rm-port',    
     'yarn.resourcemanager.principal' = 'your-rm-principal/your-rm-address@YOUR.COM'
 );
 ```
 
 请在所有的 `BE`、`FE` 节点下放置 `krb5.conf` 文件和 `keytab` 认证文件，`keytab` 认证文件路径和配置保持一致，`krb5.conf` 文件默认放置在 `/etc/krb5.conf` 路径。
+`hive.metastore.kerberos.principal` 的值需要和所连接的 hive metastore 的同名属性保持一致，可从 `hive-site.xml` 中获取。
 
 提供 Hadoop KMS 加密传输信息，示例如下：