Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Unable to connect to kerberized hive (CDH-6.3.4) using beeline installed on remote machine

avatar
author-rank dmharshit
Contributor

Created on ‎02-01-2022 10:55 PM - edited ‎09-16-2022 07:45 AM

Hello,

 
I'm facing "ERROR transport.TSaslTransport: SASL negotiation failure javax.security.sasl.SaslException: GSS initiate failed" issue while connecting to kerberized hive (CDH-6.3.4) using beeline installed on a remote machine. 
 
I'm able to perform 'kinit' on a remote machine. 
 
Beeline version on server side : Hive 2.1.1-cdh6.3.4
Beeline version on remote machine : Hive 2.1.1-cdh6.3.4
 
I'm able to connect to a non-kerberized hive using the same beeline.
 
Error message:
[root@localhost /]# beeline -u "jdbc:hive2://test-cdh.test.com:10000/;principal=hive/test-cdh.test.com@test.COM"
which: no hbase in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/usr/lib/hive/lib/log4j-slf4j-impl-2.8.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/usr/lib/zookeeper/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Connecting to jdbc:hive2://test-cdh.test.com:10000/;principal=hive/test-cdh.test.com@test.COM
[main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) ~[?:1.8.0_322]
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94) ~[hive-exec-2.1.1-cdh6.3.4.jar:2.1.1-cdh6.3.4]
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) [hive-exec-2.1.1-cdh6.3.4.jar:2.1.1-cdh6.3.4]
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37) [hive-exec-2.1.1-cdh6.3.4.jar:2.1.1-cdh6.3.4]
at
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162) ~[?:1.8.0_322]

 [main]: WARN jdbc.HiveConnection: Failed to connect to test-cdh.test.com:10000
Unknown HS2 problem when communicating with Thrift server.
Error: Could not open client transport with JDBC Uri: jdbc:hive2://test-cdh.test.com:10000/;principal=hive/test-cdh.test.com@test.COM: GSS initiate failed (state=08S01,code=0)
Beeline version 2.1.1-cdh6.3.4 by Apache Hive
928 Views
0 Kudos
0 REPLIES 0
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
View More Announcements