Can't create a Kerberos ticket

Super Collaborator

I can't create a ticket. I think I need one because beeline is failing to connect to the hive2 server.

[root@hadoop1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@TOLLS.DOT.STATE.FL.US
Valid starting     Expires            Service principal
11/30/16 17:00:42  12/01/16 17:00:42  krbtgt/TOLLS.DOT.STATE.FL.US@TOLLS.DOT.STATE.FL.US
        renew until 11/30/16 17:00:42
[root@hadoop1 ~]# kinit hive
kinit: Client not found in Kerberos database while getting initial credentials
[root@hadoop1 ~]#

beeline error

beeline> !connect jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Connecting to jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Enter username for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: hive
Enter password for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: *******
16/11/30 18:09:19 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
1 ACCEPTED SOLUTION

Super Collaborator

"Error: Client not found in Kerberos database while getting initial credentials" is saying that principal 'hive' is not in the KDC; you need to create one to do a kinit with it.

Super Collaborator

OK, it worked, thanks a lot for your help. I had to create the ticket as user hive before starting beeline.

[hive@hadoop1 ~]$ kinit hive
Password for hive@TOLLS.DOT.STATE.FL.US:
[hive@hadoop1 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_1004
Default principal: hive@TOLLS.DOT.STATE.FL.US
Valid starting     Expires            Service principal
11/30/16 18:52:14  12/01/16 18:52:14  krbtgt/TOLLS.DOT.STATE.FL.US@TOLLS.DOT.STATE.FL.US
        renew until 11/30/16 18:52:14
[hive@hadoop1 ~]$ beeline
Beeline version 1.2.1000.2.5.0.0-1245 by Apache Hive
beeline> !connect jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Connecting to jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Enter username for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: hive
Enter password for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: *******
Connected to: Apache Hive (version 1.2.1000.2.5.0.0-1245)
Driver: Hive JDBC (version 1.2.1000.2.5.0.0-1245)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://hadoop2:10000/default>


Expert Contributor
@Sami Ahmad

This is the right way to get service tickets.

[root@gwy-ravi ~]#
[root@gwy-ravi ~]#
[root@gwy-ravi ~]# klist -kt /etc/security/keytabs/hive.service.keytab
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
[root@gwy-ravi ~]# kinit -kt /etc/security/keytabs/hive.service.keytab hive/gwy-ravi.ironman.com@RAVI.COM
[root@gwy-ravi ~]#
[root@gwy-ravi ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/gwy-ravi.ironman.com@RAVI.COM


Valid starting     Expires            Service principal
11/30/16 23:28:30  12/01/16 23:28:30  krbtgt/RAVI.COM@RAVI.COM
	renew until 11/30/16 23:28:30
[root@gwy-ravi ~]#
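
As an added example (not part of any post in this thread): a small pre-flight check built on the `klist -kt` and `klist` output formats shown above. It reports whether the principal you plan to `kinit` with is actually in the keytab and whether the ticket cache already holds a TGT for it. The function names are hypothetical and the sample listings are constructed from the thread's output.

```shell
#!/bin/sh
# Added example, not from the thread: helper names are hypothetical and the
# sample listings below are constructed from the output shown in the posts.

# Print each distinct principal in `klist -kt <keytab>` output (stdin).
# Entry lines start with a numeric KVNO; header lines do not.
keytab_principals() {
  awk '$1 ~ /^[0-9]+$/ && $NF ~ /@/ && !seen[$NF]++ { print $NF }'
}

# Print the default principal of the ticket cache from `klist` output (stdin).
cache_principal() {
  sed -n 's/^Default principal: //p'
}

# Decide what to do before starting beeline.
#   $1 = principal you intend to use, $2 = `klist -kt` text, $3 = `klist` text
# Prints: ticket-present | kinit-needed | not-in-keytab
preflight() {
  if ! printf '%s\n' "$2" | keytab_principals | grep -Fxq -- "$1"; then
    echo not-in-keytab      # kinit -kt with this name cannot work
    return 0
  fi
  realm=${1##*@}
  if [ "$(printf '%s\n' "$3" | cache_principal)" = "$1" ] &&
     printf '%s\n' "$3" | grep -Fq "krbtgt/$realm@$realm"; then
    echo ticket-present     # cache holds a TGT for this principal
  else
    echo kinit-needed       # run: kinit -kt <keytab> <principal>
  fi
}

# Constructed sample: keytab listing in the format shown above.
SAMPLE_KEYTAB='Keytab name: FILE:/etc/security/keytabs/hive.service.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM'

# Constructed sample: ticket cache after the kinit -kt shown above.
SAMPLE_CACHE='Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/gwy-ravi.ironman.com@RAVI.COM
Valid starting     Expires            Service principal
11/30/16 23:28:30  12/01/16 23:28:30  krbtgt/RAVI.COM@RAVI.COM'
```

On a live host, pass `"$(klist -kt /etc/security/keytabs/hive.service.keytab)"` and `"$(klist 2>/dev/null)"` as the second and third arguments. The check does not compare expiry times; `klist -s` reports through its exit status whether the cached credentials are still valid.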

Super Collaborator

OK, I created the hive/admin principal in the KDC. Is this correct?

[root@hadoop1 ~]# kadmin.local
Authenticating as principal admin/admin@TOLLS.DOT.STATE.FL.US with password.
kadmin.local:  addprinc hive/admin
WARNING: no policy specified for hive/admin@TOLLS.DOT.STATE.FL.US; defaulting to no policy
Enter password for principal "hive/admin@TOLLS.DOT.STATE.FL.US":
Re-enter password for principal "hive/admin@TOLLS.DOT.STATE.FL.US":
Principal "hive/admin@TOLLS.DOT.STATE.FL.US" created.
[root@hadoop1 ~]# kinit hive/admin
Password for hive/admin@TOLLS.DOT.STATE.FL.US:
[root@hadoop1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/admin@TOLLS.DOT.STATE.FL.US
Valid starting     Expires            Service principal
11/30/16 18:45:50  12/01/16 18:45:50  krbtgt/TOLLS.DOT.STATE.FL.US@TOLLS.DOT.STATE.FL.US
        renew until 11/30/16 18:45:50