Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Kerberos impersonation for Hive (Beeline)

Kerberos impersonation for Hive (Beeline)

Contributor

Hi

I am trying to impersonate kerberos in order to connect to hive but it is giving gss init exception.

<code>UserGroupInformation ugi = kinit.generateKerberosTicket(configResources, keytab, principal);
serGroupInformation ugiProxy =  UserGroupInformation.createProxyUser("shashi", ugi.getCurrentUser());

ugiProxy.doAs( new PrivilegedExceptionAction<Void>(){
            @Override
            public Void run() throws Exception {
                Connection con = DriverManager.getConnection("jdbc:hive2://quickstart.cloudera:10000/default;principal=hive/quickstart.cloudera@CLOUDERA", "shashi", "");
                Statement stmt = con.createStatement();
                String sql = "show databases ";
                ResultSet res = stmt.executeQuery(sql);
                if (res.next()) {
                    System.out.println("DB names ---- >" +res.getString(1));
                }

                makeHiveJdbcConnection();
                return null;
            }

But getting following exception .

<code>java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://quickstart.cloudera:10000/default;principal=hive/quickstart.cloudera@CLOUDERA: GSS initiate failed

Any pointer for this issue?

5 REPLIES 5
Highlighted

Re: Kerberos impersonation for Hive (Beeline)

Contributor

Can you do the Kinit and try using beeline ? Please let us know the output

Re: Kerberos impersonation for Hive (Beeline)

Mentor

@Shashi Vish

I don't think you will find Cloudera help in here.

Re: Kerberos impersonation for Hive (Beeline)

Guru

The error is not related to impersonation at all. Your user ID on the system from where you are running the code should have a valid ticket. To verify, you can use hive/beeline. If that works, you need to ensure that the principal you are passing here should be correct. An incorrect principal name can also cause an issue.

The principal name also seems incomplete, you can verify that in hive->configs, you might have something for that in Cloudera manager.

Re: Kerberos impersonation for Hive (Beeline)

Contributor

srai: if I do not use proxyugi object with doAs method to log in to beeline thenit works pretty well with only realugi object.. as soon as I impersonate user , it fails

Re: Kerberos impersonation for Hive (Beeline)

Guru