Support Questions

Find answers, ask questions, and share your expertise
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

kerberized hive logon via username & password

New Contributor

Hi All,

We have HDInsight deployed with Enterprise Service Package enabled e.g. kerberized cluster.

User is able to connect to the hive over kerberos from the Azure VM machine that's on same domain.


Problem is, we have bunch of users which are not on trusted domain (azure domain vs on-prem domain). This cause problem because the user always hit with error:

[Hortonworks][Support] (50360) Integrated security authentication failed. (Routine Error:
Unspecified GSS failure. Minor code may provide more information
Mechanism Info:
Cannot contact any KDC for realm 'SOMETHING.ONMICROSOFT.COM'
Major: 851968 Minor: 2529639068)


I have setup my on-prem machine the KRB5_CONFIG and KRB5CCNAME on Environment Variable, and point to copy of files from Azure VM.


Is there a way we can logon to the kerberized cluster using domain username and password instead kerberos?





You can crate the keytabs for these user on the KDC and  send it to them but they MUST have locally the copy of the krb5.conf and correct permissions on those keytabs.

The other solution is to create a trust between the 2 domains.


New Contributor

thanks @Shelton for the suggestion I will try to create the keytab for the users, how can I use it in ODBC setup box?


Also I'm still interested with original question, can we use domain account & password for authentication on kerberized cluster.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.