Hello, I was getting essentially the same error problem very recently. I finally managed to get it to work like so: String DRIVER = "com.cloudera.impala.jdbc41.Driver"; // jdbc4 was giving me trouble, switching to jdbc41 solved the problema (I am using the lastest, version 2.5.36, of this ) String jdbcConnStr = "jdbc:impala://myserver.mycompany.corp:21050/default;SSL=1;AuthMech=1;KrbHostFQDN=myserver.mycompany.corp;KrbRealm=MYCOMPANY.CORP;KrbServiceName=impala" I suppose that if you are not using SSL=1 but only Kerberos, you just drop that part from the connection string and don't worry about setting up SSL certificates in the java key store... which is yet another hassol However in order to get Kerberos to work properly we did the following: * Install MIT Kerberos 4.0.1, which is a kerberos ticket manager. (This is for Windows) * This ticket manager asks you for authentication everytime you initiate a connection, creates a ticket and stores it in a kerberos_ticket.dat binary file, whose location can be configured somehow but I do not recall exactly how. * Finally, before launching your JAVA app you have to set an environment variable KRB5CCNAME=C:/path/to/kerberos_ticket.dat. In your java app, you can check that the variable was correctly set by doing System.out.println( "KRB5CCNAME = " + System.getenv( "KRB5CCNAME" ) ) // don't just copy and paste this code without fixing the double quotes first, my e-mail client messes them up. If you are working with eclipse or other IDE you might even have to close the IDE,set up the environment variable and start the IDE again. o NOTE: this last bit is very important, I have observed that if this variable is not properly set up, the connection wont be stablished... * In Linux, instead MIT Kerberos 4.0.1, there is a program called kinit which does the same thing, although without a graphical interface, which is even more convenient for automation. I would be very interested in knowing whether it is posible to make this work without installing MIT Kerberos. Maybe Windows just stores the tickets in some other file, whenever you authenticate and you can just use the path to that file for KRB5CCNAME... I have never used the Simba Driver. Does it offer any advantages over the Cloudera one? ... View more

Could you please tell me *what* works with kerberized cluster?  Toad for Hadoop,  DB Visualizer, another tool?    ... View more

Update: I managed to connect.   The one thing I did  was to add the SSL certificates I had on my .pem file directly to the "certificate store" used by Java. It did this via the following command:   keytool –import –alias myserver  -keystore “C:\Program Files\Java\jre1.8.0_40\lib\security\cacerts”  –file  myserver.mycompany.com.pem   when asked I used the default password for the cacerts file which is: changeit   After that I restarted my Java client application and was able to connect.    The client application I am trying to use is SquirrelSQL.   After connecting, the app hangs for a long while and finally comes back. I am assuming this caused by our database already having around 2000 tables and SquirrelSQL by default fetches information about all the schemas... It seems there are two ways around this.   One is to configure it to not load any schemas at all. But then, it hangs when writing an SQL statement, not sure why.   Another is to configure it to load and caches all schemas. Then only the first time one opens the schemas list it hangs as before, but the second time it uses the cache and doesn't reload and thus it is very responsive.   However, in this casem  Squirrel-sql still hangs at other places. Not sure whether this is due to the app itself or to the fetching of table metadata from being slow ...    Does anybody have an idea about this or suggestions about other Java based SQL clients that can connect to Impala (and give you full control of the connection string) and might work better?                        ... View more

I wonder if you were able to access Impala or Hive on *kerberized* cluster or on a cluster with any kind of authentication mecanism.  Please do tell.   ... View more