Support Questions

alarsen · ‎02-09-2017

I am unable to connect with a JDBC driver from a Windows PC to Hive with Kerberos. Everything is working fine with a ODBC connection. But that is not a option in this case.

The connection string is

jdbc:hive2://XXX.YYY.com:10000/default;principal=hive/XXX.YYY.com@YYYY.com;saslQop=auth-conf

And the error which is recive from Hive's log is:

2017-02-09 16:12:21,254 ERROR [HiveServer2-Handler-Pool: Thread-151963]: server.TThreadPoolServer (TThreadPoolServer.java:run(297)) - Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:609)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:606)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1704)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:606)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
        at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        ... 10 more

I guess this is something to do with a kerberos ticket which is not recive by Hive.

Link to JDBC file https://github.com/timveil/hive-jdbc-uber-jar

alarsen · ‎03-01-2017

Thx for the replies. The problem is solve by using Hive2 (Beeline) instead of Hive1.

View solution in original post

icocio · ‎03-01-2017

@Anders Boje

Jugding by principal parameter --> principal=hive/XXX.YYY.com

I assume the Kerberos real in the connection string is in upper case, right?. If not, it needs to be

pminovic · ‎03-01-2017

Try to install the Kerberos client for Windows, it will show you what's your initial ticket principal, and what principals is Windows trying to negotiate with. You might have to provide a custom krb5.ini file, specially if your cluster realm differs from your default AD realm. If nothing else works you can install Knox, and connect to HS2 through Knox, HS2 has to run in http transport mode for that.

alarsen · ‎03-01-2017

Thx for the replies. The problem is solve by using Hive2 (Beeline) instead of Hive1.

pminovic · ‎03-01-2017

Great, but next time include all relevant details in you question. We cannot imagine that you are making such basic mistakes.

Cloudera Community

Support Questions

Hive JDBC connection from Windows PC to Linux HDP2.5 with Kerberos