I'm trying to access hiveserver2 with kerberos enabled (hive 10, cdh 4.2.1, local metastore) from the beeline tool, but seeing some unexpected (to me) behavior:
- when entering the command in Beeline like "!connect jdbc:hive2://host:port/default;<hive principal>" I'm asked to enter username and password, but whatever fake values I provide, I can still log in - once I'm logged in, I can execute 'show databases;' and successfully see the list of all databases from the metastore; but when I try to create one, I'm getting error from the Hadoop layer, saying the user "hive" can't write to specific location in HDFS. 'hive' in my configuration is the user who runs the hiveserver2 and also user who runs beeline program, but entered username in Beeline !connect command is, say, 'user1', so in the Hadoop logs I expect to see something like "user1-via-hive' proxying, but that's not what happens. That behavior seems to not depend on the hive.server2.enable.impersonation or hive.server2.enable.doAs config param values. Anyone has any thoughts? Thanks, Mikhail
