Dear community, we have a problem when connecting to impala with the impala jdbc connector. Our cluster setup is: cdh 6.2/impala 3.2 kerberos enabled ssl activated.   Our cluster 's configuration has been checked thoroughly and the cluster is correctly processing high volumes of data, using kerberos authentication and has security/sentry etc in place. SSL and kerberos processes work fine, in other words this is not a cluster we just started setting up. We have an issue when making a connection from a java program using the impala jdbc connector. I am following the documentation on https://docs.cloudera.com/documentation/other/connectors/impala-jdbc/2-6-11/Cloudera-JDBC-Driver-for-Impala-Install-Guide.pdf (-> page 12 and 88 contain detailed explanation about the connection strings and each possible option for Kerberos ). When we use a connection string including ssl and authentication mechanism 3 and provide the ldap user/password this works fine: #WORKS FINE impalaConnectionURL=jdbc:impala://mycluster.lan:21050/default;AuthMech=3;krbRealm=MYCOMPANY.COM;SSL=1;SSLKeyStore=/opt/cloudera/security/thekey.jks;SSLKeyStorePwd=correctpassword;UID=correctuser;PWD=correctpassword   However we would like to connect using Kerberos authentication: #DOES NOT WORK impalaConnectionURL=jdbc:impala://mycluster.lan:21050/default;AuthMech=1;krbRealm=MYCOMPANY.COM;KrbHostFQDN=correctnode.lan;KrbServiceName=impala;SSL=1;SSLKeyStore=/opt/cloudera/security/thekey.jks;SSLKeyStorePwd=correctpassword;LogLevel=6   Breakdown of field used + motivation that values are correct in our opinion: AuthMech=1; -->Kerberos Authentication krbRealm=MYCOMPANY.COM; -->correct as klist returns: user@MYCOMPANY.COM KrbHostFQDN=correctnode.lan; --> server where kerberos runs (on this server sudo service krb5kdc status shows it is active) KrbServiceName=impala --> service for which kerberos authenitcation is used: this case impala LogLevel=6 -->want to print as much info as possible SSL=1; --> using ssl SSLKeyStore=/opt/cloudera/security/pki/server.jks; --> specifying keystore SSLKeyStorePwd=<pwd> --> password for keystore --> this is correct as it works when we do not use kerberos (see above)   Encountered error (JAVA log): ------------------------------------------- java.sql.SQLException: [Cloudera][ImpalaJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][ImpalaJDBCDriver](500169) Unable to connect to server: GSS initiate failed. at com.cloudera.impala.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source) at com.cloudera.impala.hivecommon.api.HiveServer2ClientFactory.createClient(Unknown Source) at com.cloudera.impala.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source) at com.cloudera.impala.impala.core.ImpalaJDBCConnection.establishConnection(Unknown Source) at com.cloudera.impala.jdbc.core.LoginTimeoutConnection.connect(Unknown Source) ... at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1855) Caused by: com.cloudera.impala.support.exceptions.GeneralException: [Cloudera][ImpalaJDBCDriver](500164) Error initialized or created transport for authentication: [Cloudera][ImpalaJDBCDriver](500169) Unable to connect to server: GSS initiate failed. ... 16 common frames omitted   impala log: ---------------- I1029 14:08:34.201046 119410 thrift-util.cc:123] TAcceptQueueServer: Caught TException: sasl Peer indicated failure:       I am wondering if there are known issues using both kerberos and ssl in the impala jdbc string because of : 1)in the docs /online all examples for SSL use authentication mechanism=3- I have not found a single example using kerberos and ssl combined 2)I noticed a remark (https://docs.cloudera.com/documentation/enterprise/6/6.2/topics/impala_jdbc.html) :Prior to CDH 5.7 / Impala 2.5, the Hive JDBC driver did not support connections that use both Kerberos authentication and SSL encryption. Is possibly a similar issue also known for impala?   Thanks for any thoughts/input! ... View more