Easily find issues by searching: #<Issue ID>
Example: #1832
Easily find members by searching in: <username>, <first name> and <last name>.
Example: Search smith, will return results smith and adamsmith
Hi,
When trying to connect to a kerborized hive envirnomnet i'm getting the following error:
Could not open client transport with JDBC Uri: jdbc:hive2://some.hostname.com:10000/default;principal=hive/username@MYREALM.LOCAL: GSS initiate failed
I've learned the 'servicename' in the connection string should be Hive, i saw this in some other applications documentation.
Do i need MIT Kerberos client installed in windows? This document makes no mention of that...
Any idea what my issue may be with my error above? Thanks in advance, -Joe
ps, i have also posted on here:
https://www.aquaclusters.com/app/home/project/public/aquadatastudio/wikibook/Documentation15/page/Kerberos-Configuration/Kerberos-Configuration
We have updated our v16 documentation on Kerberos configuration, which you can find here:
Please go through the steps and let us know if this works for you.
Ok, the new documentation is much better. I'm making progress. In following the windows example, when i try the `kinit` step i'm getting the following error:
Exception: krb_error 6 Client not found in Kerberos database (6) Client not found in Kerberos database
I'm not entirely sure what this error message could be about... I never added my remote host to my hosts file, only the host for the ticket granting server and the host for my hadoop hive install. How does kerberos know how to resolve my realm? For example, in your documentation, how does kerberos resolve "HORTONWORKS.COM" ?
Any tips appreciated, thanks. -Joe
Ok, the new documentation is much better. I'm making progress. In following the windows example, when i try the `kinit` step i'm getting the following error:
Exception: krb_error 6 Client not found in Kerberos database (6) Client not found in Kerberos database
I'm not entirely sure what this error message could be about... I never added my remote host to my hosts file, only the host for the ticket granting server and the host for my hadoop hive install. How does kerberos know how to resolve my realm? For example, in your documentation, how does kerberos resolve "HORTONWORKS.COM" ?
Any tips appreciated, thanks. -Joe
The other part that might be confusing things is my laptop is already part of an active directory domain and klist shows that as my default... maybe there is another kdb.ini file around as part of my enterprise setup. Not sure.
The other part that might be confusing things is my laptop is already part of an active directory domain and klist shows that as my default... maybe there is another kdb.ini file around as part of my enterprise setup. Not sure.
Make sure to read the last part of the documentation. If you are using Windows Kerberos Client then you need to make settings changes so the tickets are available to external applications such as the Hive JDBC drivers.
Make sure to read the last part of the documentation. If you are using Windows Kerberos Client then you need to make settings changes so the tickets are available to external applications such as the Hive JDBC drivers.
Ok, i'm making progress.
One thing i do think i need however... do you know how i can add this to the end of the connection string:
saslQop=auth-conf
My (successful) beeline hive cli connection through jdbc looks like this:
beeline> !connect jdbc:hive2://ip-hive-ip-address.ec2.internal:10000/default;principal=hive/ip-hive-ip-address.ec2.internal@REALM.LOCAL;saslQop=auth-conf
Ok, i'm making progress.
One thing i do think i need however... do you know how i can add this to the end of the connection string:
saslQop=auth-conf
My (successful) beeline hive cli connection through jdbc looks like this:
beeline> !connect jdbc:hive2://ip-hive-ip-address.ec2.internal:10000/default;principal=hive/ip-hive-ip-address.ec2.internal@REALM.LOCAL;saslQop=auth-conf
n/m, i found it. I just added "?saslQop=auth-conf" in the Parameters: text box to the Driver tab on server properties.
I am still have issues however, the latest being what is below. I'm coordinating with my platform provider to see if we can reconcile. We have a few things involving firewalls, etc. that could be causing issues also.
Any tips appreciated. -Joe
>>>KRBError:
sTime is Wed Nov 11 12:32:20 EST 2015 1447263140000
suSec is 148551
error code is 7
error Message is Server not found in Kerberos database
realm is REALM.LOCAL
sname is hive/ip-hive-ip-address.ec2.internal
msgType is 30
KrbException: Server not found in Kerberos database (7)
n/m, i found it. I just added "?saslQop=auth-conf" in the Parameters: text box to the Driver tab on server properties.
I am still have issues however, the latest being what is below. I'm coordinating with my platform provider to see if we can reconcile. We have a few things involving firewalls, etc. that could be causing issues also.
Any tips appreciated. -Joe
>>>KRBError:
sTime is Wed Nov 11 12:32:20 EST 2015 1447263140000
suSec is 148551
error code is 7
error Message is Server not found in Kerberos database
realm is REALM.LOCAL
sname is hive/ip-hive-ip-address.ec2.internal
msgType is 30
KrbException: Server not found in Kerberos database (7)
Issue #13835 |
| Closed |
| Fixed |
| Resolved |
Completion |
| No due date |
| No fixed build |
| No time estimate |
We have updated our v16 documentation on Kerberos configuration, which you can find here:
https://www.aquaclusters.com/app/home/project/public/aquadatastudio/wikibook/Documentation16/page/Kerberos-Configuration/Kerberos-Configuration
Please go through the steps and let us know if this works for you.