Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Who agreed with this topic

Proper jdbc connection string to connect to impala with kerberos and SSL

Labels:
avatar
author-rank CuckooKernel
Explorer

Created on ‎06-23-2016 06:04 PM - edited ‎09-16-2022 03:27 AM

Hello, 

 

I am able to connect without a problem to Impala  via ODBC with the following connection string: 

 

'Driver=Cloudera ODBC Driver for Impala;Host=myserver.mycompany.com;Port=21050;AuthMech=1;SSL=1;KrbRealm=MYCOMPANY.REALM;KrbFQDN=myserver.mycompany.com;KrbServiceName=impala;TrustedCerts=D:/_DATOS/myserver.mycompany.com.pem'

 

Now I am trying to do the same via jdbc, I am using the JDBC4 driver (latest version 2.5.31.1051, the class is com.cloudera.impala.jdbc4.Driver) .

 

I am trying to follow the instruccions here: Cloudera JDBC-Driver for Impala Install Guide

 

To setup the connection jdbc string: 

 

I have tried several alternatives, such as 

 

jdbc:impala://myserver.mycompany.com:21050/proceso;AuthMech=1;SSL=1;KrbHostFQDN=myserver.mycompany.com;KrbRealm=MYCOMPANY.REALM;KrbServiceName=impala;TrustedCerts=D:\_DATOS\myserver.mycompany.com.pem

 

which would be the closest analog to my  working ODBC string. 

 

When I try to connect I get the following exception: 

 

java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.sql.SQLException: [Simba][ImpalaJDBCDriver](500164) Error initialized or created transport for authentication: [Simba][ImpalaJDBCDriver](500169) Unable to connect to server: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

 

Then I noticed that the TrustedCerts property doesn't seem to be there for JDBC. So I tried replacing this by cacerts and also by jssecacerts as this is mentioned on page 18 of the guide above: 

 

 

jdbc:impala://myserver.mycompany.com:21050/proceso;AuthMech=1;SSL=1;KrbHostFQDN=myserver.mycompany.com;KrbRealm=MYCOMPANY.REALM;KrbServiceName=impala;cacerts=D:\_DATOS\myserver.mycompany.com.pem

 

The stack trace is the same as before...

 

Any ideas on how to properly build the jdbc string given the fully working ODBC string above? 

 

(By the way I have MIT Kerberos Ticket manager installed and I have been careful to define the  KRB5CCNAME environment variable pointing to the tickets file.

 

Many thanks in advance.

 

 

 

 

 

 

56,076
0 Kudos
2
Who agreed with this topic