I get error when connecting to hiveserver2 with kerberos authentication from windows machine, my settings are as follows
Hadoop Cluster - CDH 5.4
Hive JDBC driver - 2.5.15
HostName - hiveserver2
port - 10000 (default)
AuthMech - 1
KrbServiceName - hive
KrbHostFQDN - hiveserver.example.com
KrbRealm - example.com
Client environment - windows machine (kerberos in active directory implementation)
Error Message - Cloudera HiveJDBCDriver 500164 Error Initialized or created transport for authentication: CONN_KERBEROS_AUTHENTICATION_ERROR_GET_TICKETCACHE
Struggling with this for few days, let me know what is missing?
I've seen this issue too on Mac machines and with the Impala JDBC driver. The answer lies in an environment variable that needs to be set for the Kerberos cache. This *is* documented for Windows but not for the Mac. Basically you need to have KRB5CCNAME set to a file path.
For Windows this is documented on page 76 of this document: http://www.cloudera.com/content/www/en-us/documentation/other/connectors/hive-jdbc/latest/Cloudera-J...
The same is true for the Impala driver on page 13 here: http://www.cloudera.com/content/www/en-us/documentation/other/connectors/impala-jdbc/latest/Cloudera...
If you come across this error on a Mac (or Linux - probably, I have not tested) your enviornment needs to be set up prior to the application launch and prior to running kinit in a .profile or similar like so:
Hope this helps,
Thank you for your reply. On the windows machine is it possible to point KRB5CCNAME environment variable to MS Windows LSA cache as I should already have the ticket in LSA as part of the windows active directory authentication. Please let me know if this should work
It looks like the LSA cache usage *is* possible, I personally don't have a Windows machine to test it with however. From the MIT Kerbeors docs it looks like there are a few other steps to use this cache on Windows and some tools required.
Have a look on this page https://github.com/krb5/krb5/tree/master/src/windows and look for the section titled 'Credentials Cache' for the steps to try it out.
Hope this helps.
In linux, according to this
The default kerberos cache files are stored in /tmp folder, they match with this pattern:
/tmp/krb5cc_<uid>, where <uid> is your UNIX user-id, represented in decimal format.
Hope it helps.