Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Unable to connect to Kerberized cluster running Hive from R

avatar
author-rank MGarg
Rising Star

Created on ‎06-30-2017 01:41 PM - edited ‎09-16-2022 04:52 AM

I am trying to access Hive tables from R by using JDBC, but it's failing while establishing the connection for 

org.apache.hadoop.security.UserGroupInformation

I thought "hadoop-core.jar" would provide this class, but it's still failing.

 

Does someone have any idea?

 

library("DBI")
library("rJava")
library("RJDBC")


cp = c("/home/cdsw/impala_jars/hadoop-common.jar", "/home/cdsw/hive_jars/libthrift-0.9.0.jar",
"/home/cdsw/hive_jars/hive_service.jar", "/home/cdsw/hive_jars/hadoop-core.jar",
"/home/cdsw/hive_jars/TCLIServiceClient.jar", "hive_jars/hive-jdbc-1.1.0-cdh5.10.1-standalone.jar")

.jinit(classpath=cp)

for(l in list.files('/home/cdsw/hive_jars')){ .jaddClassPath(paste("/home/cdsw/hive_jars",l,sep=""))}
for(l in list.files('/home/cdsw/impala_jars')){ .jaddClassPath(paste("/home/cdsw/impala_jars",l,sep=""))}


.jclassPath()


drv <- JDBC("org.apache.hive.jdbc.HiveDriver", "hive_jars/hive-jdbc-1.1.0-cdh5.10.1-standalone.jar", identifier.quote="`")

con <- dbConnect(drv, "jdbc:hive2://localhost:10000/default;principal=hive/{HOST}@{REALM}")

4,010 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank MGarg
Rising Star

Created ‎07-06-2017 09:57 AM

Hi Everyone,

 

Not sure if anyone else faced this issue, but after much research I was able to connect to Kerberized Hive successfully. 

 

I appended "-Djavax.security.auth.useSubjectCredsOnly=false" to the "jinit"

 

.jinit(classpath=cp, parameters="-Djavax.security.auth.useSubjectCredsOnly=false")

 

Basically, it disables the requirement of a GSS mechanism to obtain necessary credentials from an existing Subject and allows to use the specified authentication mechanism, which in this case is Kerberos.

View solution in original post

3,951 Views
2 REPLIES 2

avatar
author-rank MGarg
Rising Star

Created ‎06-30-2017 02:55 PM

Here's an update:

 

I was able to fix the initial issue by adding all the jars in /opt/cloudera/parcels/CDH/... directory. 

 

However, now it's failing with Kerberos TGT not found error, although I am doing kinit before connecting.

 

Is there something I am missing?

 

"

javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

"

4,002 Views
0 Kudos

avatar
author-rank MGarg
Rising Star

Created ‎07-06-2017 09:57 AM

Hi Everyone,

 

Not sure if anyone else faced this issue, but after much research I was able to connect to Kerberized Hive successfully. 

 

I appended "-Djavax.security.auth.useSubjectCredsOnly=false" to the "jinit"

 

.jinit(classpath=cp, parameters="-Djavax.security.auth.useSubjectCredsOnly=false")

 

Basically, it disables the requirement of a GSS mechanism to obtain necessary credentials from an existing Subject and allows to use the specified authentication mechanism, which in this case is Kerberos.

3,952 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements