Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.

cant create a kerberos ticket

avatar
Super Collaborator

I cant create a ticket I think I need one because beeline is failing to connect to hive2 server .

[root@hadoop1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/[email protected]
Valid starting     Expires            Service principal
11/30/16 17:00:42  12/01/16 17:00:42  krbtgt/[email protected]
        renew until 11/30/16 17:00:42
[root@hadoop1 ~]# kinit hive
kinit: Client not found in Kerberos database while getting initial credentials
[root@hadoop1 ~]#

beeline error

beeline> !connect jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]
Connecting to jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]
Enter username for jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]: hive
Enter password for jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]: *******
16/11/30 18:09:19 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
1 ACCEPTED SOLUTION

avatar
Super Collaborator

" Error: Client not found in Kerberos database while getting initial credentials" , is saying that principal 'hive' is not in the KDC , you need to create one to do a kinit with it.

View solution in original post

4 REPLIES 4

avatar
Super Collaborator

" Error: Client not found in Kerberos database while getting initial credentials" , is saying that principal 'hive' is not in the KDC , you need to create one to do a kinit with it.

avatar
Super Collaborator

ok it worked , thanks a lot for your help . I had to create the ticket as user hive before starting beeline.

[hive@hadoop1 ~]$ kinit hive
Password for [email protected]:
[hive@hadoop1 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_1004
Default principal: [email protected]
Valid starting     Expires            Service principal
11/30/16 18:52:14  12/01/16 18:52:14  krbtgt/[email protected]
        renew until 11/30/16 18:52:14
[hive@hadoop1 ~]$ beeline
Beeline version 1.2.1000.2.5.0.0-1245 by Apache Hive
beeline> !connect jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]
Connecting to jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]
Enter username for jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]: hive
Enter password for jdbc:hive2://hadoop2:10000/default;principal=hive/[email protected]: *******
Connected to: Apache Hive (version 1.2.1000.2.5.0.0-1245)
Driver: Hive JDBC (version 1.2.1000.2.5.0.0-1245)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://hadoop2:10000/default>


avatar
Expert Contributor
@Sami Ahmad

This is the right way to get service tickets.

[root@gwy-ravi ~]#
[root@gwy-ravi ~]#
[root@gwy-ravi ~]# klist -kt /etc/security/keytabs/hive.service.keytab
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 11/16/16 22:54:16 hive/[email protected]
   2 11/16/16 22:54:16 hive/[email protected]
   2 11/16/16 22:54:16 hive/[email protected]
   2 11/16/16 22:54:16 hive/[email protected]
   2 11/16/16 22:54:16 hive/[email protected]
[root@gwy-ravi ~]# kinit -kt /etc/security/keytabs/hive.service.keytab hive/[email protected]
[root@gwy-ravi ~]#
[root@gwy-ravi ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/[email protected]


Valid starting     Expires            Service principal
11/30/16 23:28:30  12/01/16 23:28:30  krbtgt/[email protected]
	renew until 11/30/16 23:28:30
[root@gwy-ravi ~]#

avatar
Super Collaborator

ok I created the hive/admin principal in KDC is this correct ?

[root@hadoop1 ~]# kadmin.local
Authenticating as principal admin/[email protected] with password.
kadmin.local:  addprinc hive/admin
WARNING: no policy specified for hive/[email protected]; defaulting to no policy
Enter password for principal "hive/[email protected]":
Re-enter password for principal "hive/[email protected]":
Principal "hive/[email protected]" created.
[root@hadoop1 ~]# kinit hive/admin
Password for hive/[email protected]:
[root@hadoop1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/[email protected]
Valid starting     Expires            Service principal
11/30/16 18:45:50  12/01/16 18:45:50  krbtgt/[email protected]
        renew until 11/30/16 18:45:50