Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Who agreed with this topic

Proper jdbc connection string to connect to impala with kerberos and SSL

New Contributor

Hello, 

 

I am able to connect without a problem to Impala  via ODBC with the following connection string: 

 

'Driver=Cloudera ODBC Driver for Impala;Host=myserver.mycompany.com;Port=21050;AuthMech=1;SSL=1;KrbRealm=MYCOMPANY.REALM;KrbFQDN=myserver.mycompany.com;KrbServiceName=impala;TrustedCerts=D:/_DATOS/myserver.mycompany.com.pem'

 

Now I am trying to do the same via jdbc, I am using the JDBC4 driver (latest version 2.5.31.1051, the class is com.cloudera.impala.jdbc4.Driver) .

 

I am trying to follow the instruccions here: Cloudera JDBC-Driver for Impala Install Guide

 

To setup the connection jdbc string: 

 

I have tried several alternatives, such as 

 

jdbc:impala://myserver.mycompany.com:21050/proceso;AuthMech=1;SSL=1;KrbHostFQDN=myserver.mycompany.com;KrbRealm=MYCOMPANY.REALM;KrbServiceName=impala;TrustedCerts=D:\_DATOS\myserver.mycompany.com.pem

 

which would be the closest analog to my  working ODBC string. 

 

When I try to connect I get the following exception: 

 

java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.sql.SQLException: [Simba][ImpalaJDBCDriver](500164) Error initialized or created transport for authentication: [Simba][ImpalaJDBCDriver](500169) Unable to connect to server: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

 

Then I noticed that the TrustedCerts property doesn't seem to be there for JDBC. So I tried replacing this by cacerts and also by jssecacerts as this is mentioned on page 18 of the guide above: 

 

 

jdbc:impala://myserver.mycompany.com:21050/proceso;AuthMech=1;SSL=1;KrbHostFQDN=myserver.mycompany.com;KrbRealm=MYCOMPANY.REALM;KrbServiceName=impala;cacerts=D:\_DATOS\myserver.mycompany.com.pem

 

The stack trace is the same as before...

 

Any ideas on how to properly build the jdbc string given the fully working ODBC string above? 

 

(By the way I have MIT Kerberos Ticket manager installed and I have been careful to define the  KRB5CCNAME environment variable pointing to the tickets file.

 

Many thanks in advance.

 

 

 

 

 

 

Who agreed with this topic