Reply
New Contributor
Posts: 3
Registered: ‎04-26-2017

Impala - kerberos authentication jdbc

Hi all,

i am trying connect to impala ( v2.6.0-cdh5.8.3) by jdbc with kerberos authentication.

This is my code:

 

public class ImpalaUtil {

private static String jdbcDriver="com.cloudera.impala.jdbc4.Driver";

private static String URL="jdbc:impala://<host_imapal_deamon>:21050;AuthMech=1;KrbRealm=REALM.COM;KrbHostFQDN=<host_impala_deamon>;KrbServiceName=impala";

private ImpalaUtil() {
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
System.setProperty("java.security.auth.login.config","<paht>/key/jaas.conf");
}

}

This is jaas.conf:

 

Client {
      com.sun.security.auth.module.Krb5LoginModule required
      useKeyTab=true
      doNotPrompt=true
      useTicketCache=true
      principal="myuser@REALM.COM"
      keyTab="/home/tmp/myown.keytab";
   };

I get the following error:

 

 

>>>KinitOptions cache name is /tmp/krb5cc_1000
java.sql.SQLException: [Simba][ImpalaJDBCDriver](500310) Invalid operation: Unable to obtain Principal Name for authentication ;
at com.cloudera.impala.hivecommon.api.HiveServer2ClientFactory.createTransport(HiveServer2ClientFactory.java:224)
at com.cloudera.impala.hivecommon.api.HiveServer2ClientFactory.createClient(HiveServer2ClientFactory.java:52)
at com.cloudera.impala.hivecommon.core.HiveJDBCConnection.connect(HiveJDBCConnection.java:597)
at com.cloudera.impala.jdbc.common.BaseConnectionFactory.doConnect(BaseConnectionFactory.java:219)
at com.cloudera.impala.jdbc.common.AbstractDriver.connect(AbstractDriver.java:216)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at eu.factory.connection.hive.ImpalaUtil.connect(ImpalaUtil.java:48)
at eu.factory.connection.hive.ImpalaUtil.connection(ImpalaUtil.java:73)
at eu.factory.statement.ExecuteImpalaQuery.q1(ExecuteImpalaQuery.java:15)
Caused by: com.cloudera.impala.support.exceptions.GeneralException: [Simba][ImpalaJDBCDriver](500310) Invalid operation: Unable to obtain Principal Name for authentication ;
... 10 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication 
at com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:841)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:704)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at com.cloudera.impala.hivecommon.api.HiveServer2ClientFactory.createTransport(HiveServer2ClientFactory.java:113)
at com.cloudera.impala.hivecommon.api.HiveServer2ClientFactory.createClient(HiveServer2ClientFactory.java:52)
at com.cloudera.impala.hivecommon.core.HiveJDBCConnection.connect(HiveJDBCConnection.java:597)
at com.cloudera.impala.jdbc.common.BaseConnectionFactory.doConnect(BaseConnectionFactory.java:219)
at com.cloudera.impala.jdbc.common.AbstractDriver.connect(AbstractDriver.java:216)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)

 

 

If i start ticket in shell: 

 

> kinit myuser

 

it works properly.

 

 

Any idea?

 

Thanks

 

 

Announcements