- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
DBeaver connection issue with CDP Hive.
Created 02-05-2025 02:28 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
I am trying to connect DBeaver from my windows 10 client PC to my CDP Hive cluster, but failing with an error message of following
Caused by: com.cloudera.hiveserver2.support.exceptions.GeneralException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.
My setup
CDP Version : 7.1.9
CDP OS : RHEL 9.1
MIT Kerberos Version : 4.1
DBeaver Version : 24.3.4.202502021521
KDC : Microsoft Active Directory
dbeaver.ini
-startup
plugins/org.jkiss.dbeaver.launcher_1.0.22.202502021521.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.win32.win32.x86_64_1.2.1100.v20240722-2106
-vmargs
-XX:+IgnoreUnrecognizedVMOptions
-Dosgi.requiredJavaVersion=17
-Dfile.encoding=UTF-8
--add-modules=ALL-SYSTEM
--add-opens=java.base/java.io=ALL-UNNAMED
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/java.lang.reflect=ALL-UNNAMED
--add-opens=java.base/java.net=ALL-UNNAMED
--add-opens=java.base/java.nio=ALL-UNNAMED
--add-opens=java.base/java.nio.charset=ALL-UNNAMED
--add-opens=java.base/java.text=ALL-UNNAMED
--add-opens=java.base/java.time=ALL-UNNAMED
--add-opens=java.base/java.util=ALL-UNNAMED
--add-opens=java.base/java.util.concurrent=ALL-UNNAMED
--add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED
--add-opens=java.base/jdk.internal.vm=ALL-UNNAMED
--add-opens=java.base/jdk.internal.misc=ALL-UNNAMED
--add-opens=java.base/sun.nio.ch=ALL-UNNAMED
--add-opens=java.base/sun.nio.fs=ALL-UNNAMED
--add-opens=java.base/sun.security.ssl=ALL-UNNAMED
--add-opens=java.base/sun.security.action=ALL-UNNAMED
--add-opens=java.base/sun.security.util=ALL-UNNAMED
--add-opens=java.security.jgss/sun.security.jgss=ALL-UNNAMED
--add-opens=java.security.jgss/sun.security.krb5=ALL-UNNAMED
--add-opens=java.desktop/java.awt=ALL-UNNAMED
--add-opens=java.desktop/java.awt.peer=ALL-UNNAMED
--add-opens=java.sql/java.sql=ALL-UNNAMED
-Xms64m
-Xmx1024m
-Ddbeaver.distribution.type=zip
-Djava.security.krb5.debug=true
-Djava.security.krb5.conf=E:\krb5.ini
-Djava.security.auth.login.config="E:\jaas.conf"
krb5.ini
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
kdc_timeout = 5000
default_realm = X.X.X
[realms]
X.X.X.X = {
kdc = DC1.x.x.x
kdc = DC2.x.x.x
kdc = DC3.x.x.x
admin_server = x.x.x.x
default_domain = x.x.x
}
[domain_realm]
x.x.x = X.X.X
.x.x.x = X.X.X
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
jaas.conf
Client {
com.sun.security.auth.module.Krb5LoginModule required
debug=true
doNotPrompt=true
useTicketCache=true
renewTGT=true
principal="etladmin@X.X.X"
;
};
Detail error log
Created 02-19-2025 09:43 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Mamun_Shaheed Please check the JDK version,it is available from Java 13. This look like infrastructure issue not related to Driver.
Created 03-10-2025 09:49 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry for my late response.
I did try with the JDK version as mentioned in the driver documentation. It didn't work. However, I am now using keytab method for connecting and I am fine with it.
@asish thanks a ton for all the support.
Created 02-05-2025 06:59 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Mamun_Shaheed Make sure you use Cloudera JDBC driver and follow https://community.cloudera.com/t5/Community-Articles/How-to-Connect-to-Hiveserver2-Using-Cloudera-JD... as per your configuration.
Create the connection string based on the article and try.
Created 02-05-2025 08:50 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Mamun_Shaheed I just wanted to mention that if you plan to use JAAS config, then set KrbAuthType=1, else if you want the subject for krb authentication obtained automatically set the value to '0'.
currently it is set to 2.
Created on 02-05-2025 09:03 PM - edited 02-05-2025 09:33 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@asishthanks for replying back.
Yes, I am using latest cloudera driver i.e. ClouderaHiveJDBC-2.6.25.1033. Looking in the link in your post, I tried to connect using following URL
jdbc:hive2://<host.domainname>:10001/default;SSL=1;SSLTrustStore=e:\truststore.jks;SSLTrustStorePwd=<password>;LogLevel=6;LogPath=e:\t.txt;AuthMech=1;KrbRealm=<DOMAINNAME>;KrbHostFQDN=HOSTNAME.domainname;KrbServiceName=hive
I copied the trustStore file in my local drive. But I am still getting the same error.
My CDP configuration is kerberos+SSL+HTTP and following works fine while initiating spark session from GW servers.
--conf spark.sql.hive.hiveserver2.jdbc.url="jdbc:hive2://<host.domainname>:10001;ssl=true;sslTrustStore=/opt/cloudera/security/pki/truststore.jks;SSLTrustStorePwd=<password>"
Error trace log
Created 02-05-2025 11:20 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Mamun_Shaheed Please check below things in your Windows machine
1. Check if krb5.conf is same as your CDP cluster
2, Are you able to get the ticket in Windows machine?
Created 02-06-2025 02:22 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1. yes it is same. Infect I copied it from one of the GW node of CDP cluster.
2. yes, MIT kerberos client shows the ticket is there
Microsoft Windows [Version 10.0.19045.5371]
(c) Microsoft Corporation. All rights reserved.
C:\Users\MAMUN.SHAHEED>e:
E:\>cd E:\Software\kerberos\bin
E:\Software\kerberos\bin>klist
Ticket cache: API:Initial default ccache
Default principal: etladmin@ROBI.COM.BD
Valid starting Expires Service principal
02/06/25 15:51:42 02/06/25 17:51:42 krbtgt/ROBI.COM.BD@ROBI.COM.BD
renew until 02/13/25 12:51:42
E:\Software\kerberos\bin>
Created 02-11-2025 10:23 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Made some progress and now I am able to access hive from Dbeaver. Following changes are made.
Two env variables are set pointing krb5.ini and Kerberos ticket cache file. KrbauthType set to 2 and that made the connection successful.
Now, I am trying to use domain cached login information using Windows SSPI but failing. Can anyone help me on this?
Created 02-13-2025 06:18 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Mamun_Shaheed Could you please try setting
-Dsun.security.jgss.lib="C:\Program Files\Java\jdk- 13.0.2\bin\sspi_bridge.dll"
Please refer https://docs.cloudera.com/documentation/other/connectors/hive-jdbc/2-6-25/Cloudera-JDBC-Connector-fo...
Created 02-16-2025 10:42 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@asish tried with setting up sspi_bridge.dll in dbeaver.ini as mentioned in the doc. It didn't work. Is there any changes require in URL? am using krbAuthType=2.
Created 02-19-2025 09:43 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Mamun_Shaheed Please check the JDK version,it is available from Java 13. This look like infrastructure issue not related to Driver.
