Connect to Hive from DBeaver with Kerberos

To connect to a Hive instance from DBeaver with Kerberos, complete the following steps.

  1. You should start with installing DBeaver CE. In this guide, DBeaver 21.3.4 is used.

    Use DBeaver CE 21.3.4 or later.
  2. After DBeaver CE is installed, copy the /etc/krb5.conf file from the Kerberos server to the C:\Program Files\DBeaver\jre\conf\security folder of your Windows machine.

  3. Edit the krb5.conf file. You must remove all symbols before [libdefaults] section and comment the renew_lifetime = 7d string.

  4. Transfer the keytab principal file. To create a keytab file, you should start the kadmin utility at Kerberos server and run the following command:

    xst -norandkey -k <file_name> <principal_name>

    For example:

    xst -norandkey -k hive.keytab hive/

    Your krb5.conf file should look similar the one below:

    default_realm = ADREALM.IO
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    #renew_lifetime = 7d
    forwardable = true
    ADREALM.IO = {
    kdc =
    admin_server =
    [domain_realm] = ADREALM.IO = ADREALM.IO = ADREALM.IO
  5. Create the jaas.conf file inside the DBeaver folder. In this file, you should specify the path to the principal keytab file used for connecting to Hive. You also have to specify the principal name.

    Your jaas.conf file should look similarly to this:

    Client { required
  6. Create the dbeaver.ini file located in the DBeaver folder. You have to add the paths to the jaas.conf and krb5.conf files that were created earlier. For now we assume that jaas.conf and dbeaver.ini are in the same folder.

    -Xmx1024m\Program Files\DBeaver\jre\conf\security\krb5.conf
  7. Get the authentication ticket using the keytab file. To do this, you should switch to the C:\Program Files\DBeaver\jre\bin folder and run the following command:

    ./kinit.exe -k -t keytab-file-path principal_name

    The output of the command above is similar to this:

    New ticket is stored in cache file C:\Users\Administrator\krb5cc_Administrator
  8. Download the driver JAR and unpack it into the DBeaver folder.

  9. Now you can run DBeaver. Go to the Database menu and select Driver Manager. Choose New.

  10. Fill in the necessary fields:

    • Driver name: Hive Kerberos;

    • URL Template: jdbc:hive2://{host}:{port}/{database};principal=hive/;

    • Default port: 10000;

    • Default Database: default.

  11. Go to the Libraries tab and select the hive-jdbc-3.1.1-arenadata-standalone.jar driver file that you unpacked earlier. Choose FindClass and select org.apache.hive.jdbc.HiveDriver. Click Ok.

    hive dbeaver 1
    Create driver
    hive dbeaver 1 is dark
    Create driver
  12. Create a new connection. For this, go to Database → New Database Connection tab. Choose Hive Kerberos. Fill in the Host field with the IP address of the Hive server.

    hive dbeaver 2
    Create new connection
    hive dbeaver 2 is dark
    Create new connection
  13. Click Test Connection to verify the connection.

    hive dbeaver 3
    Connection test
    hive dbeaver 3 is dark
    Connection test
  14. Click Finish. The setup is complete.

hive dbeaver 4
Hive instance
hive dbeaver 4 is dark
Hive instance
Found a mistake? Seleсt text and press Ctrl+Enter to report it