Support Questions

krishnat · ‎09-30-2016

We have a 15 Node Kerborised Impala Cluster with a HAProxy. We have no issue using HUE to run queries.

We are also able to use the ODBC Driver on a Windows Machine, authenticate with Kerberos and connect to the Impala via HA Proxy.

However, when we try to connect to the Impala HA Proxy using SQL Workbench via JDBC Driver. We get the following error message:

[Simba][ImpalaJDBCDriver](500310) Invalid operation: Unable to obtain Principal Name for authentication ;

The connection string is:

jdbc:impala://<PUBLIC IP ADDRESS>:21051;AuthMech=1;KrbRealm=<REALM>;KrbHostFQDN=<fqdn>;KrbServiceName=impala;

We tried adding the Principal parameter, but it doesn't help. Any ideas, on how to get Impala JDBC to work from a windows machine using Kerberos?

andrzej_jedrzej · ‎09-22-2017

Do you have JCE installed in you system?

KamleshG · ‎09-22-2017

As I mention JASS config approach is working for me from Java code.
Problem I am facing from R Code JCE is install on my machine still i am not able to connect from R.
Could anyone help on the same

andrzej_jedrzej · ‎09-25-2017

Do you connect from Windows or Linux box?

Are you sure that you have valid kerberos ticket on your machine? Could you run klist, please?

If you want to use jaas they config should more like this:

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="PathToTheKeyTab"
principal="cloudera@CLOUDERA"
doNotPrompt=true;
};

KamleshG · ‎09-25-2017

Hi,

We're trying to connect from windows machine. We have a valid ticket listed from klist. The error we are getting from rstudio is :

“Error in .jcall(drv@jdrv, "Ljava/sql/Connection;", "connect", as.character(url)[1], :

java.sql.SQLException: [Cloudera][HiveJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .”

andrzej_jedrzej · ‎09-25-2017

Could you show me the output of the klist command, please?

Where do you cache kerberos tickets? Do you have env variable to set this up?

KamleshG · ‎09-26-2017

Hi,

I'm not able to klist now. After i run kdestroy -a and then i generate a ticket, the ticket is created successfully but the the ticket is not displayed through klist and the error happens to be the same.

andrzej_jedrzej · ‎09-26-2017

If you can not klist then sth is wrong. Do you have environment varialbe that points to kerberos cache path?

KamleshG · ‎09-26-2017

Hi,

Just wanted to add a point: after kinit the ticket is generated succefully. It is shown in the MIT Kerberos Ticket Manager but it is not viewed in klist. We're following this link: https://www.cloudera.com/documentation/other/connectors/hive-jdbc/latest/Cloudera-JDBC-Driver-for-Ap...

Just few things:

1) Set an environment variable that points to kerberostickets.txt

After it didn't work:

1) Removed the environment variable and followed the next step of JAAS conf. This led to successful hive connectivity through java but in R we're getting the error

2) After running kdestroy, and then kinit. The klist does not give anything. It gives null or empty. Now unable to run it through java too.

2) Set the environment variable again to point to CredentialCache file. It again gives empty klist.

This is in Windows machine

andrzej_jedrzej · ‎09-26-2017

Do you have KRB5CCNAME in your system right now or not?

KamleshG · ‎09-26-2017

Yes we have the environment variable set:

KRB5CCNAME: C:\KerberosTickets.txt

We also tried removing it for the JAAS conf requirement.

We have the env variable set currently

Cloudera Community

Support Questions

impala - kerberosed - jdbc connection from SQL Workbench on Windows