Support Questions

Find answers, ask questions, and share your expertise
Celebrating as our community reaches 100,000 members! Thank you!

Kerberos authentication with hive JDBC driver

New Contributor

I am trying to connect to Hive database with Oracle SQL developer using Cloudera Hive JDBC drivers.

I keep getting following error message


Status : Failure -Test failed: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.


My Hadoop environment has

  • Hive version
  • Kerberos version 1.10.3-10

I am trying to connect to this Hive database from Windows 7 64-bit machine which has

  • Sqldeveloper version
  • Cloudera_Hive JDBC4 driver
  • MIT Kerberos app version 4.1


Important: Windows machine I am connecting from is on a different domain as that of Hadoop cluster.


I have followed instructions from Using SQL Developer to access Apache Hive with kerberos authentication and steps I have performed are.

  1. Imported all the jar files to SQL Developer from the JDBC driver .
  2. Updated Java Crypto jars (local_policy.jar and US_export_policy.jap in sqldeveloper\jdk\jre\lib\security folder) with ones provided in
  3. Created an environment variable  KRB5CCNAME whose value is set to C:\sqldeveloper\ktfile.keytab
  4. Installed MIT kerberos 4.1 64-bit app
  5. Acquired valid ticked (via kinit/hrough the app)
  6. Picture below shows the connection details

Hive connection details were:



Host name:
port: 10010
database: default

Krbservicename: hive
AuthMech: 1


Can someone please advise me what I can do to fix the issue and connect to Hive using JDBC drivers.





I am using Linux but never tried from windows. Still hope it may give some insights


1. Create a keytab (for the source login) in the environment where you have kerberos installed. And keep the keytab file somewhere like /home/user/.auth/example.keytab (Change the path to windows equalent)

2. Create a shell to call the kinit (change the shell, kinit command to windows equalent)
kinit user@REALM -k -t /home/user/.auth/example.keytab

3. Create a cron job (or anyother job which suits for windows) to call the above shell in a frequent interval. Becuase by default, Kerberos ticket will expire in a week, so you need to run a job to kinit the process in a frequent interval




New Contributor

Hi @saranvisa

I have tried your suggestion but I am still getting error while trying to connect to Hive.


  • I copied the keytab file from hadoop cluster to my windows machine  (ktfile.keytab)
  • I ran the following command from dir where I copied the keytab file 


kinit -k -t ktfile.keytab


  • The above commands get a valid ticket and I can view thsi using MIT Kerberos app.
  • After this If I try to connect to Hive database from SQL Developer I get following error. 
Status : Failure -Test failed: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.

I have noticed that the above kinit command appends data to my original keytab file and any subsequent attempts to run the kinit command to get a tickect results in following error.


kinit: Unsupported key table format version number while getting initial credentials








Status : Failure -Test failed: [Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.


The error message that you showed above is the partial (or) full error? If it is partial, then pls check your error message has any keyword like 'krb'... 


Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)


If you don't find any krb related error then pls do not focus on kerberos... instead you can focus on other points like the port has been opened between the environment, etc like that



New Contributor



The entire error message I see in Oracle SQL Developer is


An error was encountered performing the requested operation:

[Cloudera][HiveJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][HiveJDBCDriver](500169) Unable to connect to server: GSS initiate failed.

Vendor code 500164


Does it mean it is not kerberos error message?


PS: Does having Hadoop cluster (Linux) on different domain than my client machine (Windows) have any bearing on connection?




let me put in this way...

1. do you have access to your linux box by any chance. if so pls login and authenticate with your keytab to make sure everything is ok in your keytab.

2. if you don't have access, ask your admin (those who has access) to use your keytab to authenticate and confirm there is no issue with keytab.

3. In the mean time, the error doesn't show anything about kerberos [usually it will show krb issue if you access from the linux box, but i never tried from windows machine, so not sure]. So you need to make sure the Port is open, Firewall related check, etc... to make sure everything is ok other than kerberos issue

Super Collaborator



If you are using the KRB5CCNAME variable it should not target the keytab file. That is the reason you cannot kinit twice with the same keytab.


That variable should target the Kerberos ticket cache generated using the keytab or login/password.


Also, you need to get a valid Kerberos ticket using the same Kerberos REALM as your Hadoop cluster is using.


Expert Contributor
Did you resolve this SQL Developer connection error? If so what was the solution as I have the same issue. Thanks!

Expert Contributor

This issue was resolved by following the instructions in this site:


We need to copy the Java JCE unlimited strength policy files and the krb5.conf file under jdk/jre/lib/security folder where SQL Developer is installed. After this the Hive connection via Kerberos was successful.