Pivotal Knowledge Base

Follow

Hive PAM authentication fails with no jpam in java.library.path

Environment

Product Version
Pivotal HD  2.x / 3.x 
Pivotal HDP  2.2.x / 2.3.x / 2.4.x
OS  RHEL 6.x

Symptom

From beeline command line, users are unable to login to hiveserver2 using PAM authentication but the login attempt times out.

Error Message:

From hiveserver2.log -

Exception in thread "HiveServer2-Handler-Pool: Thread-35" java.lang.UnsatisfiedLinkError: no jpam in java.library.path
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1867)
    at java.lang.Runtime.loadLibrary0(Runtime.java:870)
    at java.lang.System.loadLibrary(System.java:1122)
    at net.sf.jpam.Pam.<clinit>(Pam.java:51)
    at org.apache.hive.service.auth.PamAuthenticationProviderImpl.Authenticate(PamAuthenticationProviderImpl.java:43)
    :
    :

Cause 

The customer followed these instructions to enable PAM authentication for Hive:

https://community.hortonworks.com/articles/591/using-hive-with-pam-authentication.html

However, misunderstanding of the instruction caused the customer to copy the libjpam.so to an incorrect location.

Resolution

1. Thoroughly read through the above mentioned instruction and understand it for different causes.

2. Identify java.library.path for the hiveserver2

$ ps -ef | grep hiveserver2
hive     19643     1  5 21:01 ?        00:00:15 /usr/java/default/bin/java -Xmx1024m -Dhdp.version=2.3.2.0-2950 -Djava.net.preferIPv4Stack=true -Dhdp.version=2.3.2.0-2950 -D  hadoop.log.dir=/var/log/hadoop/hive -Dhadoop.log.file=hadoop.log -Dhadoop.home.dir=/usr/hdp/2.3.2.0-2950/hadoop -Dhadoop.id.str=hive -Dhadoop.root.logger=INFO,console -Djava.library.path=:/usr/hdp/current/hadoop-client/lib/native/Linux-amd64-64:/usr/hdp/2.3.2.0-2950/hadoop/lib/native -Dhadoop.policy.file=hadoop-policy.xml 
 
In this case /usr/hdp/current/hadoop-client/lib/native/Linux-amd64-64 and /usr/hdp/2.3.2.0-2950/hadoop/lib/native are the Java library paths.
 
3. Check those identified Java library paths and check whether there libjpam.so exists

4. Download the libjpam.so from https://sourceforge.net/projects/jpam/files/jpam/jpam-1.1/
 
5. Copy libjpam.so from the downloaded archive to one of the identified library paths. 
Example:
# cp libjpam.so /usr/hdp/current/hadoop-client/lib/native/Linux-amd64-64/
 
6. Restart the hiveserver2 service from Ambari and check the hive login using beeline. 

Comments

Powered by Zendesk