@Manoj690  This is a completely different error ... Please open a separate Topic for detailed discussion and close this Thread.      --require_secure_transport=ON   Caused by: java.sql.SQLException: Connections using insecure transport are prohibited while --require_secure_transport=ON. at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:965) at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973)       https://mysqlserverteam.com/restricting-connections-to-secure-transport/ ... View more

@Manoj690    As we still see the error : Caused by: java.sql.SQLException: Access denied for user 'ambari'@'gaian-lap386.com' (using password: YES)   Are you sure that you are using correct password for ambari user? Also after executing the following query have you run the "FLUSH PRIVILEGES" command?  At the end? CREATE USER 'ambari'@'%' IDENTIFIED BY 'bigdata'; GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'%'; CREATE USER 'ambari'@'localhost' IDENTIFIED BY 'bigdata'; GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'localhost'; CREATE USER 'ambari'@'gaian-lap386.com' IDENTIFIED BY 'bigdata'; GRANT ALL PRIVILEGES ON *.* TO 'ambari'@'gaian-lap386.com'; FLUSH PRIVILEGES; Password as 'bigdata' is just dummy here.  You will need to use your own password.  .   ... View more

@Manoj690    Please share the output of the following SQL query.. I do not think that you have correct privileges # mysql -u root -p Enter Password: mysql> use mysql; mysql> SELECT user, host FROM user; +--------+---------------------+ | user | host | +--------+---------------------+ | root | % | | root | 127.0.0.1 | | root | ::1 | | ambari | % | | ambari | localhost | | ambari | gaian-lap386.com | +--------+---------------------+ Do you see above kind of entry in your MySQL DB table?   ... View more

@Jeongtaek Your Query seems to be partially correct. Except the LIKE ? ESCAPE '\\'' part.   MariaDB [hive]> SELECT this.name AS NUCORDER0 FROM DBS this WHERE ( LOWER(this.name) LIKE 'default' ) ORDER BY NUCORDER0 ; +-----------+ | NUCORDER0 | +-----------+ | default | +-----------+   - Can you please let us know what do you want to match in the LIKE condition?  - Can you please share some example of DBS names that you want to filter using LIKE clause? ... View more

@irfangk1  You can find more details about headless / service principals/keytabs in the following doc:  https://docs.hortonworks.com/HDPDocuments/HDP3/HDP-3.1.0/authentication-with-kerberos/content/kerberos_principals.html ... View more

@irfangk1  From Standard Kerberos perspective there is no command to differentiate between headless/service keytab.  However, we can differentiate between headless / service keytabs  you can find the detailed discussion about it in the following thread:  https://community.cloudera.com/t5/Support-Questions/Headless-Keytab-Vs-User-Keytab-Vs-Service-Keytab/m-p/175276 Try running the following command on your keytab: Headless keytab Headless principals are not bound to a specific host or node, they have the syntax: - @EXAMPLE.COM   # klist -kte /etc/security/keytabs/hdfs.headless.keytab Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (des-cbc-md5) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (aes256-cts-hmac-sha1-96) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (des3-cbc-sha1) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (arcfour-hmac) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (aes128-cts-hmac-sha1-96)   If it is truly a headless keytab then it will not have a principal specific to a Host.   Service keytab Service principal is something that does not need to be a POSIX user,they are mostly applications that have own arrangement on how they run on the OS level and need to interact with the Kerberized cluster. Notice it's principal name has hostname included. Example: # klist -kte /etc/security/keytabs/nn.service.keytab Keytab name: FILE:/etc/security/keytabs/nn.service.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 2 08/11/2019 01:58:40 nn/ker1latest1.example.com@EXAMPLE.COM (des-cbc-md5) 2 08/11/2019 01:58:40 nn/ker1latest1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96) 2 08/11/2019 01:58:40 nn/ker1latest1.example.com@EXAMPLE.COM (des3-cbc-sha1) 2 08/11/2019 01:58:40 nn/ker1latest1.example.com@EXAMPLE.COM (arcfour-hmac) 2 08/11/2019 01:58:40 nn/ker1latest1.example.com@EXAMPLE.COM (aes128-cts-hmac-sha1-96)   . ... View more