DBeaver to Cloudera HIVE: Connection Failure

The authentication is based on Kerberos authentication.

I have obtained the Kerberos ticket in Windows MIT, but I am receiving the following error message when trying to connect to Cloudera Hive with DBeaver:

Mar 16 11:56:00.397 TRACE 33 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaAccessControlContext(): +++++ enter +++++
Mar 16 11:56:00.398 TRACE 33 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaJAASConfig(): +++++ enter +++++
Mar 16 11:56:00.399 ERROR 33 com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport: Kerberos subject retrieved via JAAS config
Mar 16 11:56:00.920 ERROR 33 com.cloudera.hive.exceptions.ExceptionConverter.toSQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed.
java.sql.SQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed.
at com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
at com.cloudera.hive.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
at com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
at com.cloudera.hive.hive.core.HiveJDBCConnection.connect(Unknown Source)
at com.cloudera.hive.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
at com.cloudera.hive.jdbc.common.AbstractDriver.connect(Unknown Source)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
at org.jkiss.dbeaver.ui.dialogs.connection.ConnectionWizard$ConnectionTester.run(ConnectionWizard.java:247)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
Caused by: com.cloudera.hive.support.exceptions.GeneralException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed.
... 20 more
Caused by: java.lang.RuntimeException: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed
at com.cloudera.hive.hivecommon.api.HiveServerPrivilegedAction.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.Subject.doAs(Unknown Source)
at com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
at com.cloudera.hive.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
at com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
at com.cloudera.hive.hive.core.HiveJDBCConnection.connect(Unknown Source)
at com.cloudera.hive.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
at com.cloudera.hive.jdbc.common.AbstractDriver.connect(Unknown Source)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
at org.jkiss.dbeaver.ui.dialogs.connection.ConnectionWizard$ConnectionTester.run(ConnectionWizard.java:247)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:221)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:297)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
... 24 more

10 REPLIES 10

Super Guru
@TanChoonKiat

Can you please share your JDBC connection string?

Cheers
Eric

@EricL

Are you referring to the JDBC URL? If yes, below is the JDBC URL that I am using:

jdbc:hive2://10.11.121.20:10001/default;AuthMech=1;principal=hive/domain@domain;KrbHostFQDN=10.11.121.21;KrbServiceName=hive;KrbAuthType=2;LogLevel=6;LogPath=c:\ProgramData\MIT\Kerberos5\log.log

and below is the error log during my latest testing:

Mar 16 17:24:25.121 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.DSIConnection(com.cloudera.hive.hive.core.HiveJDBCEnvironment@3c7b0e50): +++++ enter +++++
Mar 16 17:24:25.122 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(101, Variant[type: TYPE_WSTRING, value: HiveJDBC]): +++++ enter +++++
Mar 16 17:24:25.122 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(139, Variant[type: TYPE_WSTRING, value: User]): +++++ enter +++++
Mar 16 17:24:25.123 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(22, Variant[type: TYPE_WSTRING, value: Hive]): +++++ enter +++++
Mar 16 17:24:25.127 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(58, Variant[type: TYPE_WSTRING, value: `]): +++++ enter +++++
Mar 16 17:24:25.127 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(66, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:24:25.127 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(68, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:24:25.128 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(76, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:24:25.128 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(81, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:24:25.128 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(83, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:24:25.129 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(80, Variant[type: TYPE_WSTRING, value: N]): +++++ enter +++++
Mar 16 17:24:25.129 TRACE 41 com.cloudera.hive.hive.core.HiveJDBCConnection.HiveJDBCConnection(com.cloudera.hive.hive.core.HiveJDBCEnvironment@3c7b0e50): +++++ enter +++++
Mar 16 17:24:25.147 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.registerWarningListener(com.cloudera.hive.jdbc.common.SWarningListener@755cbca6): +++++ enter +++++
Mar 16 17:24:25.147 TRACE 41 com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.updateConnectionSettings(): +++++ enter +++++
Mar 16 17:24:25.151 TRACE 41 com.cloudera.hive.jdbc.common.CommonCoreUtils.logConnectionFunctionEntrance({AuthMech=Variant[type: TYPE_WSTRING, value: 1], ConnSchema=Variant[type: TYPE_WSTRING, value: default], DatabaseType=Variant[type: TYPE_WSTRING, value: Hive], HiveServerType=Variant[type: TYPE_WSTRING, value: 2], Host=Variant[type: TYPE_WSTRING, value: 10.11.121.20], KrbAuthType=Variant[type: TYPE_WSTRING, value: 2], KrbHostFQDN=Variant[type: TYPE_WSTRING, value: 10.11.121.21], KrbRealm=Variant[type: TYPE_WSTRING, value: AIU.XXXXX], KrbServiceName=Variant[type: TYPE_WSTRING, value: hive], LogLevel=Variant[type: TYPE_WSTRING, value: 6], LogPath=Variant[type: TYPE_WSTRING, value: c:\ProgramData\MIT\Kerberos5\log.log], Port=Variant[type: TYPE_WSTRING, value: 10001], principal=Variant[type: TYPE_WSTRING, value: hive/sthdmgt1-pvt.aiu.xxxxxx@AIU.XXXXXX], sskTrustStore=Variant[type: TYPE_WSTRING, value: C:\ProgramData\MIT\Kerberos5\hive.truststore], ssl=Variant[type: TYPE_WSTRING, value: 1], trustStorePassword=Variant[type: TYPE_WSTRING, value: "AiuHive"]}, "Major Version: 2", "Minor Version: 5", "Hot Fix Version: 15", "Build Number: 1040", "java.vendor:AdoptOpenJDK", "java.version:11.0.5", "os.arch:amd64", "os.name:Windows 10", "os.version:10.0", "Runtime.totalMemory:82837504", "Runtime.maxMemory:1073741824", "Runtime.avaialableProcessors:8", URLClassLoader.getURLs(): No URLClassLoader available.): +++++ enter +++++
Mar 16 17:24:25.395 TRACE 41 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaAccessControlContext(): +++++ enter +++++
Mar 16 17:24:25.406 TRACE 41 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaJAASConfig(): +++++ enter +++++
Mar 16 17:24:25.406 TRACE 41 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaTicketCache(): +++++ enter +++++
Mar 16 17:24:25.441 ERROR 41 com.cloudera.hive.exceptions.ExceptionConverter.toSQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: CONN_KERBEROS_AUTHENTICATION_ERROR_GET_TICKETCACHE.
java.sql.SQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: CONN_KERBEROS_AUTHENTICATION_ERROR_GET_TICKETCACHE.
at com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
at com.cloudera.hive.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
at com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
at com.cloudera.hive.hive.core.HiveJDBCConnection.connect(Unknown Source)
at com.cloudera.hive.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
at com.cloudera.hive.jdbc.common.AbstractDriver.connect(Unknown Source)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
Caused by: com.cloudera.hive.support.exceptions.GeneralException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: CONN_KERBEROS_AUTHENTICATION_ERROR_GET_TICKETCACHE.
... 30 more
Caused by: com.cloudera.hive.support.exceptions.GeneralException: CONN_KERBEROS_AUTHENTICATION_ERROR_GET_TICKETCACHE
... 30 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForName(Unknown Source)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at java.base/javax.security.auth.login.LoginContext.invoke(Unknown Source)
at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at java.base/javax.security.auth.login.LoginContext.login(Unknown Source)
at com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaTicketCache(Unknown Source)
at com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
at com.cloudera.hive.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
at com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
at com.cloudera.hive.hive.core.HiveJDBCConnection.connect(Unknown Source)
at com.cloudera.hive.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
at com.cloudera.hive.jdbc.common.AbstractDriver.connect(Unknown Source)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)

Mar 16 17:33:37.773 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.DSIConnection(com.cloudera.hive.hive.core.HiveJDBCEnvironment@327a194b): +++++ enter +++++
Mar 16 17:33:37.778 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(101, Variant[type: TYPE_WSTRING, value: HiveJDBC]): +++++ enter +++++
Mar 16 17:33:37.778 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(139, Variant[type: TYPE_WSTRING, value: User]): +++++ enter +++++
Mar 16 17:33:37.779 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(22, Variant[type: TYPE_WSTRING, value: Hive]): +++++ enter +++++
Mar 16 17:33:37.780 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(58, Variant[type: TYPE_WSTRING, value: `]): +++++ enter +++++
Mar 16 17:33:37.780 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(66, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:33:37.781 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(68, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:33:37.782 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(76, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:33:37.782 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(81, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:33:37.783 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(83, Variant[type: TYPE_UINT16, value: -1]): +++++ enter +++++
Mar 16 17:33:37.784 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.setProperty(80, Variant[type: TYPE_WSTRING, value: N]): +++++ enter +++++
Mar 16 17:33:37.785 TRACE 41 com.cloudera.hive.hive.core.HiveJDBCConnection.HiveJDBCConnection(com.cloudera.hive.hive.core.HiveJDBCEnvironment@327a194b): +++++ enter +++++
Mar 16 17:33:37.805 TRACE 41 com.cloudera.hive.dsi.core.impl.DSIConnection.registerWarningListener(com.cloudera.hive.jdbc.common.SWarningListener@13ff0f12): +++++ enter +++++
Mar 16 17:33:37.805 TRACE 41 com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.updateConnectionSettings(): +++++ enter +++++
Mar 16 17:33:37.805 TRACE 41 com.cloudera.hive.jdbc.common.CommonCoreUtils.logConnectionFunctionEntrance({AuthMech=Variant[type: TYPE_WSTRING, value: 1], ConnSchema=Variant[type: TYPE_WSTRING, value: default], DatabaseType=Variant[type: TYPE_WSTRING, value: Hive], HiveServerType=Variant[type: TYPE_WSTRING, value: 2], Host=Variant[type: TYPE_WSTRING, value: 10.11.121.20], KrbAuthType=Variant[type: TYPE_WSTRING, value: 2], KrbHostFQDN=Variant[type: TYPE_WSTRING, value: 10.11.121.21], KrbRealm=Variant[type: TYPE_WSTRING, value: AIU.XXXXXX], KrbServiceName=Variant[type: TYPE_WSTRING, value: hive], LogLevel=Variant[type: TYPE_WSTRING, value: 6], LogPath=Variant[type: TYPE_WSTRING, value: c:\ProgramData\MIT\Kerberos5\log.log], Port=Variant[type: TYPE_WSTRING, value: 10001], principal=Variant[type: TYPE_WSTRING, value: hive/sthdmgt1-pvt.aiu.xxxxxx@AIU.XXXXXX], sskTrustStore=Variant[type: TYPE_WSTRING, value: C:\ProgramData\MIT\Kerberos5\hive.truststore], ssl=Variant[type: TYPE_WSTRING, value: 1], trustStorePassword=Variant[type: TYPE_WSTRING, value: "AiuHive"]}, "Major Version: 2", "Minor Version: 5", "Hot Fix Version: 15", "Build Number: 1040", "java.vendor:AdoptOpenJDK", "java.version:11.0.5", "os.arch:amd64", "os.name:Windows 10", "os.version:10.0", "Runtime.totalMemory:80740352", "Runtime.maxMemory:1073741824", "Runtime.avaialableProcessors:8", URLClassLoader.getURLs(): No URLClassLoader available.): +++++ enter +++++
Mar 16 17:33:38.213 TRACE 41 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaAccessControlContext(): +++++ enter +++++
Mar 16 17:33:38.231 TRACE 41 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaJAASConfig(): +++++ enter +++++
Mar 16 17:33:38.231 TRACE 41 com.cloudera.hive.jdbc.kerberos.Kerberos.getSubjectViaTicketCache(): +++++ enter +++++
Mar 16 17:33:38.302 ERROR 41 com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport: Kerberos subject retrieved via ticket cache lookup
Mar 16 17:33:39.169 ERROR 41 com.cloudera.hive.exceptions.ExceptionConverter.toSQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed
Also, could not send response: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
java.sql.SQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed
Also, could not send response: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
at com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
at com.cloudera.hive.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
at com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
at com.cloudera.hive.hive.core.HiveJDBCConnection.connect(Unknown Source)
at com.cloudera.hive.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
at com.cloudera.hive.jdbc.common.AbstractDriver.connect(Unknown Source)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
Caused by: com.cloudera.hive.support.exceptions.GeneralException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed
Also, could not send response: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
... 30 more
Caused by: java.lang.RuntimeException: [Cloudera][HiveJDBCDriver](500168) Unable to connect to server: GSS initiate failed
Also, could not send response: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.cloudera.hive.hivecommon.api.HiveServerPrivilegedAction.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.Subject.doAs(Unknown Source)
at com.cloudera.hive.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
at com.cloudera.hive.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
at com.cloudera.hive.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
at com.cloudera.hive.hive.core.HiveJDBCConnection.connect(Unknown Source)
at com.cloudera.hive.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
at com.cloudera.hive.jdbc.common.AbstractDriver.connect(Unknown Source)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
Also, could not send response: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:221)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:297)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
... 34 more

Super Guru
@TanChoonKiat

Your JDBC Connection string is wrong, assuming that you are using Cloudera Hive JDBC Driver:

jdbc:hive2://xx.xx.xxx.xx:10001/default;AuthMech=1;principal=hive/domain@domain;KrbHostFQDN=10.11.121.21;KrbServiceName=hive;KrbAuthType=2;LogLevel=6;LogPath=c:\ProgramData\MIT\Kerberos5\log.log

1. No need for "principal".
2. Can you please check what the full principals are from your KDC server? KrbHostFQDN should normally be the domain name, not the IP.
3. You are missing KrbRealm, which should be the part after "@" from your principal.

Please try to correct those and try again. Full JDBC doc can be found here:
https://docs.cloudera.com/documentation/other/connectors/hive-jdbc/latest/Cloudera-JDBC-Driver-for-A...

Cheers
Eric
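
Added example (not part of Eric's reply and not Cloudera's code): a small Python check that applies the three points above to a `jdbc:hive2://` connection string and proposes the parts that can be fixed mechanically. The function names are hypothetical, property names are matched case-insensitively as an assumption, and the sample input is the URL quoted earlier in this thread.

```python
import ipaddress

PREFIX = "jdbc:hive2://"

# The connection string quoted earlier in the thread (raw string: it contains backslashes).
URL_FROM_THREAD = (
    r"jdbc:hive2://10.11.121.20:10001/default;AuthMech=1;principal=hive/domain@domain;"
    r"KrbHostFQDN=10.11.121.21;KrbServiceName=hive;KrbAuthType=2;LogLevel=6;"
    r"LogPath=c:\ProgramData\MIT\Kerberos5\log.log"
)


def parse_url(url):
    """Split the URL into 'host:port/schema' and an ordered list of (key, value) pairs."""
    if not url.startswith(PREFIX):
        raise ValueError("expected a jdbc:hive2:// URL")
    head, _, tail = url[len(PREFIX):].partition(";")
    props = []
    for item in tail.split(";"):
        if not item:
            continue  # tolerate a trailing or doubled ';'
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"property without '=': {item!r}")
        props.append((key, value))
    return head, props


def get_prop(props, name):
    """Return the value of a property, or None. Case-insensitive match (assumption)."""
    for key, value in props:
        if key.lower() == name.lower():
            return value
    return None


def is_ip(value):
    """True if value is an IPv4/IPv6 literal rather than a host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def realm_from_principal(principal):
    """Return the part after '@' in service/host@REALM, or None if there is none."""
    _, sep, realm = principal.rpartition("@")
    return realm if sep and realm else None


def lint(url):
    """Return (code, message) findings for the three points raised in the reply above."""
    _, props = parse_url(url)
    findings = []
    if get_prop(props, "AuthMech") != "1":
        return findings  # the checks below only concern Kerberos (AuthMech=1)
    principal = get_prop(props, "principal")
    if principal is not None:
        findings.append(("PRINCIPAL_NOT_NEEDED", "remove 'principal' from the URL"))
    fqdn = get_prop(props, "KrbHostFQDN")
    if fqdn is not None and is_ip(fqdn):
        findings.append(("KRBHOSTFQDN_IS_IP",
                         f"KrbHostFQDN={fqdn} is an IP; use the host part of the "
                         "service principal registered in the KDC"))
    if get_prop(props, "KrbRealm") is None:
        hint = realm_from_principal(principal) if principal else None
        msg = "KrbRealm is missing"
        if hint:
            msg += f"; the principal suggests KrbRealm={hint}"
        findings.append(("KRBREALM_MISSING", msg))
    return findings


def suggest(url):
    """Drop 'principal' and add KrbRealm derived from it. KrbHostFQDN is left alone:
    the correct host name has to come from the KDC, it cannot be guessed."""
    head, props = parse_url(url)
    principal = get_prop(props, "principal")
    kept = [(k, v) for k, v in props if k.lower() != "principal"]
    if get_prop(kept, "KrbRealm") is None and principal:
        realm = realm_from_principal(principal)
        if realm:
            kept.append(("KrbRealm", realm))
    return PREFIX + head + "".join(f";{k}={v}" for k, v in kept)


if __name__ == "__main__":
    for code, message in lint(URL_FROM_THREAD):
        print(f"{code}: {message}")
    print(suggest(URL_FROM_THREAD))
```

The rewritten URL still reports `KRBHOSTFQDN_IS_IP` until the IP is replaced with the host name from the service principal.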

Hi Eric,

Thanks for your advice. I referred to the document you provided to configure the string but still face the same error.

I attach all the info below; I would appreciate it if you could help.

1. jass.ini

Client{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="c:\ProgramData\MIT\Kerberos5\hive.keytab"
principal="hive/sthdmgt1.aiu.xxxxxx@AIU.XXXXXX";
doNotPrompt=true
};

Client{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="c:\ProgramData\MIT\Kerberos5\hive.keytab"
principal="hive/sthdmgt1.aiu.xxxxxx@Domain";
doNotPrompt=true
};

2. dbeaver.ini

-startup
plugins/org.eclipse.equinox.launcher_1.5.600.v20191014-2022.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.1100.v20190907-0426
-vmargs
-XX:+IgnoreUnrecognizedVMOptions
--add-modules=ALL-SYSTEM
-Xms64m
-Xmx1024m
-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.krb5.conf=C:\Program Files\DBeaver\krb5.conf
-Djava.security.auth.login.config=C:\Program Files\DBeaver\jaas.conf

3. JDBC String

jdbc:hive2://{host}:{port}/{database};AuthMech=1;KrbRealm=Domain;KrbHostFQDN={server};KrbServiceName=hive;KrbAuthType=2;LogLevel=6;LogPath=c:\ProgramData\MIT\Kerberos5\log.log

4. Krb5.ini

[libdefaults]
default_realm=Domain
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
AIU.XXXXXX={
kdc=sthdnj1-pvt.Domain
admin_server=sthdnj1-pvt.Domain
}
[domain_realm]

 

5. Klist Info

C:\Program Files\MIT\Kerberos\bin>klist
Ticket cache: FILE:C:\temp\krb
Default principal: hive/sthdmgt1-pvt.Domain@Domain

Valid starting Expires Service principal
03/17/20 13:07:24 03/18/20 13:07:24 krbtgt/Domain@Domain
renew until 03/22/20 13:07:24

 

Error Code:

 

Mar 17 13:12:05.063 ERROR 31 com.cloudera.hiveserver2.exceptions.ExceptionConverter.toSQLException: [Cloudera][HiveJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
java.sql.SQLException: [Cloudera][HiveJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
	at com.cloudera.hiveserver2.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.AbstractDriver.connect(Unknown Source)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
	at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
	at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
	at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	at org.jkiss.dbeaver.ui.dialogs.connection.ConnectionWizard$ConnectionTester.run(ConnectionWizard.java:247)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
Caused by: com.cloudera.hiveserver2.support.exceptions.GeneralException: [Cloudera][HiveJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
	... 20 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication 
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForName(Unknown Source)
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext.invoke(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext.login(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.kerberos.Kerberos.getSubjectViaTicketCache(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.AbstractDriver.connect(Unknown Source)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
	at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
	at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
	at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	at org.jkiss.dbeaver.ui.dialogs.connection.ConnectionWizard$ConnectionTester.run(ConnectionWizard.java:247)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)

 

 

Thanks & Regards,

Tan Choon Kiat

avatar
Super Guru

Hi

Your JDBC connection string:

jdbc:hive2://{host}:{port}/{database};AuthMech=1;KrbRealm=Domain;KrbHostFQDN={server};KrbServiceName=hive;KrbAuthType=2;LogLevel=6;LogPath=c:\ProgramData\MIT\Kerberos5\log.log

Is "Domain" the real string or a placeholder? From your krb5, your Realm should be "AIU.XXXXXX", so I want to confirm.

Cheers
Eric
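Added example (not part of the thread, and not Cloudera's or DBeaver's code): a small Python check that applies the three points from Eric's first reply and the realm comparison from this one to a connection string. The function names, finding codes and the hs2.example.com host are assumptions made for illustration; property keys are matched case-insensitively for convenience.

```python
import ipaddress
import re

def parse_jdbc_url(url):
    """Return (host, props) from a jdbc:hive2:// URL; property keys lower-cased."""
    m = re.match(r"jdbc:hive2://([^:/;]+)(?::\d+)?(?:/[^;]*)?(.*)$", url)
    if not m:
        raise ValueError("not a jdbc:hive2 URL")
    props = {}
    for part in m.group(2).split(";"):
        key, sep, value = part.partition("=")
        if sep:
            props[key.strip().lower()] = value.strip()
    return m.group(1), props

def krb5_realm_names(text):
    """Return the realm names that have a block under [realms] in krb5.ini text."""
    section, realms = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = (s.strip() for s in line.partition("="))
        if section == "realms" and value.startswith("{"):
            realms.add(key)
    return realms

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check(url, krb5_text=None):
    """Return finding codes for a Kerberos (AuthMech=1) connection string."""
    _, props = parse_jdbc_url(url)
    findings = []
    if "principal" in props:                      # point 1: not needed
        findings.append("principal-not-needed")
    fqdn = props.get("krbhostfqdn")
    if not fqdn:
        findings.append("krbhostfqdn-missing")
    elif is_ip(fqdn):                             # point 2: name, not IP
        findings.append("krbhostfqdn-is-ip")
    realm = props.get("krbrealm")
    if not realm:                                 # point 3: realm missing
        findings.append("krbrealm-missing")
    elif krb5_text is not None and realm not in krb5_realm_names(krb5_text):
        findings.append("krbrealm-not-in-krb5-realms")  # realm names are case-sensitive
    return findings

# First connection string from the thread (log settings dropped).
FIRST_URL = (r"jdbc:hive2://xx.xx.xxx.xx:10001/default;AuthMech=1;"
             r"principal=hive/domain@domain;KrbHostFQDN=10.11.121.21;"
             r"KrbServiceName=hive;KrbAuthType=2")
# Constructed sample: host is made up, realm values mirror the redacted ones posted.
SECOND_URL = ("jdbc:hive2://hs2.example.com:10001/default;AuthMech=1;KrbRealm=Domain;"
              "KrbHostFQDN=hs2.example.com;KrbServiceName=hive;KrbAuthType=2")
KRB5_INI = """\
[libdefaults]
default_realm=Domain
[realms]
AIU.XXXXXX={
kdc=sthdnj1-pvt.Domain
}
"""

if __name__ == "__main__":
    print(check(FIRST_URL))
    print(check(SECOND_URL, KRB5_INI))
```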

avatar

Hi Eric,

 

Yes, due to privacy, I changed "AIU.XXXXXX" to Domain.

 

Best Regards,

Choon Kiat

avatar
Super Guru
Hi Choon Kiat,

Thanks for the confirmation. I have checked further: "Unable to obtain Principal Name for authentication" can happen when the JCE jars are not up to date on the client machine and it is not able to use the encryption key provided by the Kerberos KDC.

Can you please download the latest/appropriate JCE jars and place them in the directory $JAVA_HOME/jre/lib/security? The files are:

US_export_policy.jar
local_policy.jar

These files are dependent on the Java version. For Java 8, they can be found here:
https://www.oracle.com/java/technologies/javase-jce8-downloads.html

Please give it a try and see how it goes.

Regards
Eric

avatar

Hi Eric,

 

After copying the two policy jar files to "$JAVA_HOME/jre/lib/security", I still got the error below:

Mar 18 10:53:22.385 ERROR 30 com.cloudera.hiveserver2.exceptions.ExceptionConverter.toSQLException: [Cloudera][HiveJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
java.sql.SQLException: [Cloudera][HiveJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
	at com.cloudera.hiveserver2.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.AbstractDriver.connect(Unknown Source)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
	at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
	at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
	at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
	at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
	at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
	at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
	at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
Caused by: com.cloudera.hiveserver2.support.exceptions.GeneralException: [Cloudera][HiveJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
	... 30 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication 
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForName(Unknown Source)
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
	at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext.invoke(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext$4.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
	at java.base/javax.security.auth.login.LoginContext.login(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.kerberos.Kerberos.getSubjectViaTicketCache(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.AbstractDriver.connect(Unknown Source)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
	at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
	at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
	at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
	at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
	at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
	at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
	at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)

After that, I tried declaring KRB5CCNAME as an environment variable and observed a different error, as below:

 

Mar 18 11:06:20.072 DEBUG 31 com.cloudera.hiveserver2.hivecommon.api.HiveServer2ClientFactory.createTransport: Kerberos subject retrieved via ticket cache lookup
Mar 18 11:06:20.222 ERROR 31 com.cloudera.hiveserver2.exceptions.ExceptionConverter.toSQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.
java.sql.SQLException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.
	at com.cloudera.hiveserver2.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.AbstractDriver.connect(Unknown Source)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
	at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
	at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
	at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
	at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
	at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
	at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
	at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
Caused by: com.cloudera.hiveserver2.support.exceptions.GeneralException: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.
	... 30 more
Caused by: java.lang.RuntimeException: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed
	at com.cloudera.hiveserver2.hivecommon.api.HiveServerPrivilegedAction.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.Subject.doAs(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.api.ZooKeeperEnabledExtendedHS2Factory.createClient(Unknown Source)
	at com.cloudera.hiveserver2.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
	at com.cloudera.hiveserver2.jdbc.common.AbstractDriver.connect(Unknown Source)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:157)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:174)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:124)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:91)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:52)
	at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:109)
	at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:106)
	at org.jkiss.dbeaver.ext.generic.model.meta.GenericMetaModel.createDataSourceImpl(GenericMetaModel.java:72)
	at org.jkiss.dbeaver.ext.generic.GenericDataSourceProvider.openDataSource(GenericDataSourceProvider.java:95)
	at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:801)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	at org.jkiss.dbeaver.runtime.jobs.ConnectJob.runSync(ConnectJob.java:98)
	at org.jkiss.dbeaver.ui.actions.datasource.DataSourceHandler.connectToDataSource(DataSourceHandler.java:106)
	at org.jkiss.dbeaver.ui.actions.datasource.UIServiceConnectionsImpl.initConnection(UIServiceConnectionsImpl.java:63)
	at org.jkiss.dbeaver.model.navigator.DBNDataSource.initializeNode(DBNDataSource.java:151)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:198)
	at org.jkiss.dbeaver.model.navigator.DBNDatabaseNode.getChildren(DBNDatabaseNode.java:1)
	at org.jkiss.dbeaver.model.navigator.DBNUtils.getNodeChildrenFiltered(DBNUtils.java:70)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:49)
	at org.jkiss.dbeaver.ui.navigator.database.load.TreeLoadService.evaluate(TreeLoadService.java:1)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:86)
	at org.jkiss.dbeaver.ui.LoadingJob.run(LoadingJob.java:71)
	at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:103)
	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: com.cloudera.hive.jdbc4.internal.apache.thrift.transport.TTransportException: GSS initiate failed
	at com.cloudera.hive.jdbc4.internal.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:221)
	at com.cloudera.hive.jdbc4.internal.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:297)
	at com.cloudera.hive.jdbc4.internal.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
	... 34 more

 

Regards,

Choon Kiat

avatar
Expert Contributor
A DBeaver connection to Hive/Impala using JDBC with Kerberos is somewhat difficult to make work. Try an easier method using ODBC, as given in https://plenium.wordpress.com/2019/10/15/connect-dbeaver-sql-tool-to-cloudera-hive-impala-with-kerbe...