
Connection to DBeaver | NiFi and HiveServer2 Fails; IPA Kerberos; *GSS initiate failed* error; DEBUG : "failed to open server transport | transport map does not contain key"

Hi All,

I am trying to connect DBeaver with Hive with the string below:

jdbc:hive2://hostname:10000/;principal=hive/hostname@DOMAIN.ORG

DBeaver.ini config:

-startup

plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar

--launcher.library

plugins/org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.551.v20171108-1834

-showsplash

-vmargs

-XX:+IgnoreUnrecognizedVMOptions

--add-modules=ALL-SYSTEM

-Xms64m

-Xmx1024m

-Djavax.security.auth.useSubjectCredsOnly=false

-Djava.security.krb5.conf=C:\Program Files\DBeaver\jre\lib\security\krb5.conf

-Djava.security.auth.login.config=C:\Program Files\DBeaver\jre\lib\security\jaas.conf

-Djava.security.krb5.debug=true

-Dsun.security.krb5.debug=true

jaas.conf:

Client { com.sun.security.auth.module.Krb5LoginModule required debug=true doNotPrompt=true useKeyTab=true keyTab="C:\Users\{user}\krb5cc_{user}" useTicketCache=true renewTGT=true principal="{user}@DOMAIN.ORG" ; };

Hive server Debug mode :

transport.TSaslServerTransport (TSaslServerTransport.java:getTransport(213)) - transport map does not contain key

transport.TSaslServerTransport (TSaslServerTransport.java:getTransport(218)) - failed to open server transport

Peer indicated failure: GSS initiate failed

Steps tried:

  1. Added "transportMode=http;httpPath=cliservice;auth=kerberos;sasl.qop=auth" in the string.
  2. Moved MySQL to other hosts.
  3. Tried making changes to all the LDAP files, like the sshd and ssd configs, for GSSAPI.
  4. Sent hive-site.xml to the DBeaver folder.
  5. Changed hive.metastore.sasl.enabled to false.
  6. Set hive.server2.thrift.sasl.qop to auth and auth-int, and added the same to the jdbc:hive2 string.
  7. Changed transportMode to http and port number from 10000 to 10001 in string, no solution.
  8. Tried enabling ACID transactions, as it contains the thrift.auth jar property, but it didn't work.
  9. Tried almost all the forums available on Hortonworks community and other websites.

Observations:

  1. IPA is able to authenticate on DBeaver and Nifi.
  2. DBeaver is able to authenticate via kinit.exe from windows.
  3. When I changed HiveServer2.Authentication from "Kerberos" to "none", it works fine.
  4. Exact same error with HDF-NiFi: when Kerberos is enabled I get GSS initiate, and when it is disabled it works.

Please let me know if any more information is required.

Need urgent help on the same as it needs to be implemented on PROD cluster.
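An added example, not part of the original post: a small check for a JAAS Krb5LoginModule entry like the one above, confirming that the file named by keyTab is a keytab and the file named by ticketCache is a credential cache, judged by each file's leading version bytes. The sample entry, paths and header bytes are constructed, and the function names are hypothetical.

```python
import re

# Leading version bytes of current MIT-format files (assumption: older
# format versions are not in use): keytab 0x0502, ccache 0x0503/0x0504.
MAGIC = {b"\x05\x02": "keytab", b"\x05\x03": "ccache", b"\x05\x04": "ccache"}
# Krb5LoginModule option -> kind of file it must name.
EXPECTED = {"keyTab": "keytab", "ticketCache": "ccache"}
OPTION_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s;]+))')

def classify(header: bytes) -> str:
    """Return 'keytab', 'ccache' or 'unknown' from a file's first two bytes."""
    return MAGIC.get(header[:2], "unknown")

def read_header(path: str) -> bytes:
    with open(path, "rb") as fh:
        return fh.read(2)

def parse_options(entry: str) -> dict:
    """Extract option=value pairs (quoted or bare) from one JAAS entry."""
    return {m[1]: m[2] if m[2] is not None else m[3]
            for m in OPTION_RE.finditer(entry)}

def check_entry(entry: str, reader=read_header) -> list:
    """List file options that name a missing or wrong-kind file."""
    findings = []
    opts = parse_options(entry)
    for option, wanted in EXPECTED.items():
        if option not in opts:
            continue
        try:
            found = classify(reader(opts[option]))
        except (OSError, KeyError) as exc:
            findings.append(f"{option}: cannot read {opts[option]} ({exc})")
            continue
        if found != wanted:
            findings.append(f"{option}={opts[option]} is {found}, expected {wanted}")
    return findings

# Constructed sample: an entry shaped like the one in the post, made-up paths.
SAMPLE_ENTRY = r'''Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true keyTab="C:\Users\alice\krb5cc_alice"
  useTicketCache=true principal="alice@DOMAIN.ORG";
};'''
SAMPLE_FILES = {r"C:\Users\alice\krb5cc_alice": b"\x05\x04"}  # ccache header

if __name__ == "__main__":
    for finding in check_entry(SAMPLE_ENTRY, SAMPLE_FILES.__getitem__):
        print(finding)
```

With the default reader, `check_entry` opens the paths named in the entry on the local machine, so it should be run on the host where the JAAS file is used.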
