Impala ODBC Kerberos UPN Keytab mapping

Hi,

I am using the latest ODBC driver for Impala, 2.5.41.1029, and am having an issue with a UPNKeytabMappingFile.

The driver cannot read the keytab file, and in the log, even in TRACE mode, there is no information about why it skipped trying to open the keytab file located in C:\Logs and why it tries to find the keytab in the default location.

Dec 29 10:14:26.299 INFO 3956 ImpalaConnection::Connect: C:\Windows\system32\odbcad32.exe loaded the 64-bit driver.
Dec 29 10:14:26.300 INFO 3956 KSKinitSupport::LookupKinitInfo: The user principal from map file is tomas@MYDOMAIN.LOCAL
Dec 29 10:14:26.300 INFO 3956 KSKinitSupport::Kinit: User principal is: tomas@MYDOMAIN.LOCAL.
Dec 29 10:14:26.300 INFO 3956 KSKinitSupport::Kinit: Trying the default keytab.
Dec 29 10:14:26.300 INFO 3956 KSKinitSupport::Kinit: Obtaining TGT.
Dec 29 10:14:26.302 ERROR 3956 KSKinitSupport::CheckAndLogKrbError: Error message from Kerberos library: Key table file 'C:\Windows\krb5kt' not found

The mapping file:

{
"tomas": {
"principal" : "tomas@MYDOMAIN.LOCAL",
"keytabfile": "C:\\Logs\\tomas.keytab"
}
}

I made sure that the C:\Logs directory is readable by Everyone.

Btw, the documentation is incorrect; it states:

For example, the following file maps the Impala user name cloudera to the cloudera@CLOUDERA
Kerberos user principal name and the C:\Temp\cloudera.keytab file:
{
"cloudera": {
"principal" : "cloudera@CLOUDERA",
"keytabfile": "C:\Temp\cloudera.keytab"
},
... }

But if you use a single \ as the path separator for the keytab file, the error is incorrect JSON parsing.

Tomas
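
An added example, not part of the original post and not the driver's own code: a pre-flight check for a mapping file that reports the single-backslash JSON error described above and, going one step beyond the post, also flags paths such as `C:\temp\new.keytab` whose single backslashes are legal JSON escapes and therefore parse silently into a wrong path. The function name `check_mapping` and its `exists` parameter are hypothetical; only the `principal` and `keytabfile` keys come from the post, and the driver's own parsing is not modelled.

```python
import json
import os

REQUIRED_KEYS = ("principal", "keytabfile")  # key names as shown in the post


def check_mapping(text, exists=os.path.isfile):
    """Return a list of problems found in a UPN keytab mapping file's text."""
    try:
        mapping = json.loads(text)
    except json.JSONDecodeError as err:
        # A single backslash such as \T or \c is not a legal JSON escape.
        return [f"invalid JSON at line {err.lineno}, column {err.colno}: {err.msg}"]
    if not isinstance(mapping, dict):
        return ["top level must be a JSON object keyed by user name"]
    problems = []
    for user, entry in mapping.items():
        if not isinstance(entry, dict):
            problems.append(f"{user}: entry must be an object")
            continue
        for key in REQUIRED_KEYS:
            if not isinstance(entry.get(key), str):
                problems.append(f"{user}: missing or non-string '{key}'")
        path = entry.get("keytabfile")
        if not isinstance(path, str):
            continue
        if any(ord(ch) < 32 for ch in path):
            # \t, \n, \b, \f, \r are legal JSON escapes, so "C:\temp\new.keytab"
            # parses without error but yields a path containing control characters.
            problems.append(f"{user}: keytabfile contains control characters: {path!r}")
        elif not exists(path):
            problems.append(f"{user}: keytab not found at {path!r}")
    return problems


# Constructed samples: the post's working file, the documentation's form,
# and a lowercase path whose single backslashes happen to be valid escapes.
GOOD = r'{"tomas": {"principal": "tomas@MYDOMAIN.LOCAL", "keytabfile": "C:\\Logs\\tomas.keytab"}}'
DOC_STYLE = r'{"cloudera": {"principal": "cloudera@CLOUDERA", "keytabfile": "C:\Temp\cloudera.keytab"}}'
SILENT = r'{"tomas": {"principal": "tomas@MYDOMAIN.LOCAL", "keytabfile": "C:\temp\new.keytab"}}'

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("DOC_STYLE", DOC_STYLE), ("SILENT", SILENT)):
        print(name, check_mapping(text) or "ok")
```

The `exists` argument defaults to a real file check, so running it on the machine that holds the keytab also confirms the path in the mapping resolves to a file.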