Pivotal Knowledge Base


Hive PAM authentication fails with no jpam in java.library.path


Product Version
Pivotal HD  2.x / 3.x 
Pivotal HDP  2.2.x / 2.3.x / 2.4.x
OS  RHEL 6.x


From beeline command line, users are unable to login to hiveserver2 using PAM authentication but the login attempt times out.

Error Message:

From hiveserver2.log -

Exception in thread "HiveServer2-Handler-Pool: Thread-35" java.lang.UnsatisfiedLinkError: no jpam in java.library.path
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1867)
    at java.lang.Runtime.loadLibrary0(Runtime.java:870)
    at java.lang.System.loadLibrary(System.java:1122)
    at net.sf.jpam.Pam.<clinit>(Pam.java:51)
    at org.apache.hive.service.auth.PamAuthenticationProviderImpl.Authenticate(PamAuthenticationProviderImpl.java:43)


The customer followed these instructions to enable PAM authentication for Hive:


However, misunderstanding of the instruction caused the customer to copy the libjpam.so to an incorrect location.


1. Thoroughly read through the above mentioned instruction and understand it for different causes.

2. Identify java.library.path for the hiveserver2

$ ps -ef | grep hiveserver2
hive     19643     1  5 21:01 ?        00:00:15 /usr/java/default/bin/java -Xmx1024m -Dhdp.version= -Djava.net.preferIPv4Stack=true -Dhdp.version= -D  hadoop.log.dir=/var/log/hadoop/hive -Dhadoop.log.file=hadoop.log -Dhadoop.home.dir=/usr/hdp/ -Dhadoop.id.str=hive -Dhadoop.root.logger=INFO,console -Djava.library.path=:/usr/hdp/current/hadoop-client/lib/native/Linux-amd64-64:/usr/hdp/ -Dhadoop.policy.file=hadoop-policy.xml 
In this case /usr/hdp/current/hadoop-client/lib/native/Linux-amd64-64 and /usr/hdp/ are the Java library paths.
3. Check those identified Java library paths and check whether there libjpam.so exists

4. Download the libjpam.so from https://sourceforge.net/projects/jpam/files/jpam/jpam-1.1/
5. Copy libjpam.so from the downloaded archive to one of the identified library paths. 
# cp libjpam.so /usr/hdp/current/hadoop-client/lib/native/Linux-amd64-64/
6. Restart the hiveserver2 service from Ambari and check the hive login using beeline. 


Powered by Zendesk