Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

cant create a kerberos ticket

avatar
author-rank aliyesami
Super Collaborator

Created ‎11-30-2016 11:13 PM

I cant create a ticket I think I need one because beeline is failing to connect to hive2 server .

[root@hadoop1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@TOLLS.DOT.STATE.FL.US
Valid starting     Expires            Service principal
11/30/16 17:00:42  12/01/16 17:00:42  krbtgt/TOLLS.DOT.STATE.FL.US@TOLLS.DOT.STATE.FL.US
        renew until 11/30/16 17:00:42
[root@hadoop1 ~]# kinit hive
kinit: Client not found in Kerberos database while getting initial credentials
[root@hadoop1 ~]#

beeline error 

beeline> !connect jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Connecting to jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Enter username for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: hive
Enter password for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: *******
16/11/30 18:09:19 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
5,582 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank rmani author-rank
Super Collaborator

Created ‎11-30-2016 11:25 PM

" Error: Client not found in Kerberos database while getting initial credentials" , is saying that principal 'hive' is not in the KDC , you need to create one to do a kinit with it.

View solution in original post

5,054 Views
0 Kudos
4 REPLIES 4

avatar
author-rank rmani author-rank
Super Collaborator

Created ‎11-30-2016 11:25 PM

" Error: Client not found in Kerberos database while getting initial credentials" , is saying that principal 'hive' is not in the KDC , you need to create one to do a kinit with it.

5,055 Views
0 Kudos

avatar
author-rank aliyesami
Super Collaborator

Created ‎11-30-2016 11:54 PM

ok it worked , thanks a lot for your help . I had to create the ticket as user hive before starting beeline.

[hive@hadoop1 ~]$ kinit hive
Password for hive@TOLLS.DOT.STATE.FL.US:
[hive@hadoop1 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_1004
Default principal: hive@TOLLS.DOT.STATE.FL.US
Valid starting     Expires            Service principal
11/30/16 18:52:14  12/01/16 18:52:14  krbtgt/TOLLS.DOT.STATE.FL.US@TOLLS.DOT.STATE.FL.US
        renew until 11/30/16 18:52:14
[hive@hadoop1 ~]$ beeline
Beeline version 1.2.1000.2.5.0.0-1245 by Apache Hive
beeline> !connect jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Connecting to jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US
Enter username for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: hive
Enter password for jdbc:hive2://hadoop2:10000/default;principal=hive/hadoop2@TOLLS.DOT.STATE.FL.US: *******
Connected to: Apache Hive (version 1.2.1000.2.5.0.0-1245)
Driver: Hive JDBC (version 1.2.1000.2.5.0.0-1245)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://hadoop2:10000/default>
5,054 Views
0 Kudos

avatar
author-rank Ravi_G author-rank
Expert Contributor

Created ‎11-30-2016 11:29 PM

@Sami Ahmad

This is the right way to get service tickets.

[root@gwy-ravi ~]#
[root@gwy-ravi ~]#
[root@gwy-ravi ~]# klist -kt /etc/security/keytabs/hive.service.keytab
Keytab name: FILE:/etc/security/keytabs/hive.service.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
   2 11/16/16 22:54:16 hive/gwy-ravi.ironman.com@RAVI.COM
[root@gwy-ravi ~]# kinit -kt /etc/security/keytabs/hive.service.keytab hive/gwy-ravi.ironman.com@RAVI.COM
[root@gwy-ravi ~]#
[root@gwy-ravi ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/gwy-ravi.ironman.com@RAVI.COM


Valid starting     Expires            Service principal
11/30/16 23:28:30  12/01/16 23:28:30  krbtgt/RAVI.COM@RAVI.COM
	renew until 11/30/16 23:28:30
[root@gwy-ravi ~]#
5,054 Views

avatar
author-rank aliyesami
Super Collaborator

Created ‎11-30-2016 11:36 PM

ok I created the hive/admin principal in KDC is this correct ? 

[root@hadoop1 ~]# kadmin.local
Authenticating as principal admin/admin@TOLLS.DOT.STATE.FL.US with password.
kadmin.local:  addprinc hive/admin
WARNING: no policy specified for hive/admin@TOLLS.DOT.STATE.FL.US; defaulting to no policy
Enter password for principal "hive/admin@TOLLS.DOT.STATE.FL.US":
Re-enter password for principal "hive/admin@TOLLS.DOT.STATE.FL.US":
Principal "hive/admin@TOLLS.DOT.STATE.FL.US" created.
[root@hadoop1 ~]# kinit hive/admin
Password for hive/admin@TOLLS.DOT.STATE.FL.US:
[root@hadoop1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hive/admin@TOLLS.DOT.STATE.FL.US
Valid starting     Expires            Service principal
11/30/16 18:45:50  12/01/16 18:45:50  krbtgt/TOLLS.DOT.STATE.FL.US@TOLLS.DOT.STATE.FL.US
        renew until 11/30/16 18:45:50
5,054 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements