Support Questions

Find answers, ask questions, and share your expertise

Hive JDBC connection from Windows PC to Linux HDP2.5 with Kerberos

avatar
Contributor

I am unable to connect with a JDBC driver from a Windows PC to Hive with Kerberos. Everything is working fine with a ODBC connection. But that is not a option in this case.

The connection string is

jdbc:hive2://XXX.YYY.com:10000/default;principal=hive/XXX.YYY.com@YYYY.com;saslQop=auth-conf

And the error which is recive from Hive's log is:

2017-02-09 16:12:21,254 ERROR [HiveServer2-Handler-Pool: Thread-151963]: server.TThreadPoolServer (TThreadPoolServer.java:run(297)) - Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:609)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:606)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:360)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1704)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:606)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
        at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        ... 10 more

I guess this is something to do with a kerberos ticket which is not recive by Hive.

Link to JDBC file https://github.com/timveil/hive-jdbc-uber-jar

1 ACCEPTED SOLUTION

avatar
Contributor

Thx for the replies. The problem is solve by using Hive2 (Beeline) instead of Hive1.

View solution in original post

4 REPLIES 4

avatar
Expert Contributor

@Anders Boje

Jugding by principal parameter --> principal=hive/XXX.YYY.com

I assume the Kerberos real in the connection string is in upper case, right?. If not, it needs to be

avatar
Master Guru

Try to install the Kerberos client for Windows, it will show you what's your initial ticket principal, and what principals is Windows trying to negotiate with. You might have to provide a custom krb5.ini file, specially if your cluster realm differs from your default AD realm. If nothing else works you can install Knox, and connect to HS2 through Knox, HS2 has to run in http transport mode for that.

avatar
Contributor

Thx for the replies. The problem is solve by using Hive2 (Beeline) instead of Hive1.

avatar
Master Guru

Great, but next time include all relevant details in you question. We cannot imagine that you are making such basic mistakes.