Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Please see the Cloudera blog for information on the Cloudera Response to CVE-2021-4428

Hive JDBC connection from Windows PC to Linux HDP2.5 with Kerberos

Contributor

I am unable to connect with a JDBC driver from a Windows PC to Hive with Kerberos. Everything is working fine with a ODBC connection. But that is not a option in this case.

The connection string is

jdbc:hive2://XXX.YYY.com:10000/default;principal=hive/XXX.YYY.com@YYYY.com;saslQop=auth-conf

And the error which is recive from Hive's log is:

2017-02-09 16:12:21,254 ERROR [HiveServer2-Handler-Pool: Thread-151963]: server.TThreadPoolServer (TThreadPoolServer.java:run(297)) - Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:609)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:606)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1704)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:606)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
        at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        ... 10 more

I guess this is something to do with a kerberos ticket which is not recive by Hive.

Link to JDBC file https://github.com/timveil/hive-jdbc-uber-jar

1 ACCEPTED SOLUTION

Accepted Solutions

Contributor

Thx for the replies. The problem is solve by using Hive2 (Beeline) instead of Hive1.

View solution in original post

4 REPLIES 4

Rising Star

@Anders Boje

Jugding by principal parameter --> principal=hive/XXX.YYY.com

I assume the Kerberos real in the connection string is in upper case, right?. If not, it needs to be

Try to install the Kerberos client for Windows, it will show you what's your initial ticket principal, and what principals is Windows trying to negotiate with. You might have to provide a custom krb5.ini file, specially if your cluster realm differs from your default AD realm. If nothing else works you can install Knox, and connect to HS2 through Knox, HS2 has to run in http transport mode for that.

Contributor

Thx for the replies. The problem is solve by using Hive2 (Beeline) instead of Hive1.

View solution in original post

Great, but next time include all relevant details in you question. We cannot imagine that you are making such basic mistakes.