Support Questions

huimin · ‎06-25-2025

Dear Support Team,

I hope this message finds you well.

I am currently working on setting up Trino to query data from Hive. However, I am encountering difficulties related to Kerberos authentication. Despite following available documentation, I have not been able to successfully connect to the Hive. I think there is something wrong with my KERBEROS settings. When I use telnet or ping, I can connect to HIVE correctly, but when I use trino CLI, it shows that it is socket is closed by peer.

I would appreciate your guidance on:1. I would like to ask whether I need to set up Kerberos separately for trino connection? 2. How can I get relevant information about kerberos authentication, such as keytab.

Here are some details about my setup:（I think maybe at least this information is needed, but I don't know where to get them as following）1.hive.metastore.client.principal=trino.example.com 2.hive.metastore.client.keytab=trino.keytab .

Please let me know if there are any files I should provide. And thank you in advance for your support.

james_jones · ‎06-27-2025

The principal name may not be complete. Check the keytab and use the principal name it returns:
klist -kt trino.keytab

The Trino principal should include the realm (e.g. trino@YOURREALM ). And if it's a host-based principal it may include the hostname as well (trino/node1.yourdomain.com@YOURREALM). So you might have something like this where _HOST is a placeholder:
trino/_HOST@EXAMPLE.COM. See this document. for more details.

You should also add the full path to the keytab.

If these don't fix it, it might be helpful to know what error messages you are getting on the Trino side and Hive side.

View solution in original post

DianaTorres · ‎06-26-2025

@huimin Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our experts @james_jones @ggangadharan who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

james_jones · ‎06-27-2025

The principal name may not be complete. Check the keytab and use the principal name it returns:
klist -kt trino.keytab

The Trino principal should include the realm (e.g. trino@YOURREALM ). And if it's a host-based principal it may include the hostname as well (trino/node1.yourdomain.com@YOURREALM). So you might have something like this where _HOST is a placeholder:
trino/_HOST@EXAMPLE.COM. See this document. for more details.

You should also add the full path to the keytab.

If these don't fix it, it might be helpful to know what error messages you are getting on the Trino side and Hive side.

DianaTorres · ‎06-30-2025

@huimin Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

yagoaparecidoti · ‎07-02-2025

hi @huimin,
where the connection to Trino is coming from, you must also configure Kerberos, so you need to have access to the Hive ports and the KDC ports for Kerberos authentication.

before using Trino, try connecting to Hive with JDBC, using a simple Python script, where Trino is coming from, to validate the communication and authentication, if it works, you can configure Trino.

this document [1] will help you configure Trino with Hive

[1] = https://janakiev.com/blog/presto-cluster/

DianaTorres · ‎07-04-2025

@huimin Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks.

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

huimin · ‎09-01-2025

Dear @DianaTorres @yagoaparecidoti @james_jones

Many thanks for your kind guidance. I was able to successfully connect to the Hive Metastore following your instructions. However, I encountered some issues when connecting to HDFS. Although, I have configured the settings in accordance with the documentation, the system reports that certain parameters are 'not used'.

I have configured the file as follows:

hive.config.resources=core-site.xml,hdfs-site.xml

hive.hdfs.authentication.type=KERBEROS

hive.hdfs.impersonation.enabled=true

hive.hdfs.trino.principal=trino@MYREALM

hive.hdfs.trino.keytab=trino.keytab

could you kindly advise whether this issue may be caused by incorrect parameter settings, or if HDFS requires a different authentication method?

Please let me know if there are any files I should provide. And thank you in advance for your support.

yagoaparecidoti · ‎09-01-2025

hi @huimin,

what error is being returned when accessing HDFS using Trino?

i recommend investigating the namenode logs and even the Trino logs to verify the error details.

huimin · ‎09-03-2025

hi

Many thanks for your kind guidance. My error message is as follows

thank you in advance for your support.

huimin · ‎09-03-2025

hi

Many thanks for your kind guidance. I solved this error!

Support Questions

Connect Trino to Cloudera Hive with Kerberos Authentication