First off, yes. This can/should work and you have the correct general idea. You deploy a keytab for your application to use. The application logs in when it first starts, and launches a thread to periodically invoke a renewal. Remember that ticket caches (what happens when you invoke a kinit) is mutually exclusive from a programmatic login using a keytab with UGI. The warning from UGI can be ignored in your application. UGI won't perform a re-login for calls you make until you reach 80% of your ticket lifetime. I would be more interested in what kind of logging you get out of the UGI class after the 80% of ticket lifetime is exceeded. You should see a message saying that UGI attempted the re-login and (successfully, hopefully) renewed your ticket. Please remember that the ticket lifetime is unique from a ticket's renewable lifetime. As a sanity check, I would perform a quick experiment to make sure that you have a renewal ticket in the first place. $ kinit -kt /my/file.keytab principal $ kinit -R The above should not throw an error (as long as you do it in the renewable lifetime of the ticket). You can also use the command `getprinc` in kadmin to inspect the ticket lifetime and renewal lifetime (e.g. `getprinc principal` in kadmin). (shameless self-plug) you may also find this presentation that I gave recently trying to de-mystify some of this http://www.slideshare.net/je2451/practical-kerberos-with-apache-hbase/ ... View more

The one you have in the description is wrong and will never work. The one here is the form you must use. Please follow Ankit's suggestion to provide for information. A TimeoutException that makes no reference to Phoenix code is not helpful. Please also be aware that hbase-site.xml and core-site.xml are required to be on the classpath for Phoenix to connect to a secured HBase installation. This may be the root of your problem, but it is unknown without more data. ... View more

You are using an incorrect URL. Please read the documentation https://phoenix.apache.org/#Connection jdbc:phoenix:zk-host-1,zk-host-2,zk-host-3:2181:/hbase-secure:user1@EXAMPLE.COM:/Users/user1/user1.headless.keytab ... View more

Can you please share the version of HDP you're running, the table's schema and the UPSERT SELECT command you ran? ... View more

Thanks for clarifying. Trivial use of phoenix likely would work. It will not work for the full-feature-set of Phoenix. I appreciate your caveat that this should only be used for one-off/demo setups, not for production. ... View more

That's a very bad idea -- you should be figuring out why the class could not be loaded. Without that coprocessor, Phoenix will not function correctly. ... View more

In general, no. If you have a specific concern, please clarify your question. ... View more