I am trying to write a program to connect to Hive using Jdbc Driver with Kerberos authentication. My program is as folloows :
public static void main(String a[])
{
...
connectionString_ = "jdbc:hive2://cdh-542-kerberos.domain.com:10000/default;principal=hive/cdh-542-kerberos.domain.com@REALMDOMAIN";
UserGroupInformation ugi = createUgi();
connection = ugi.doAs(new PrivilegedExceptionAction<Connection>() {
public Connection run() throws Exception {
Connection connection = null;
Class.forName(jdbcDriverClass_);
connection = DriverManager.getConnection(connectionString_);
return connection;
}
});
...
}
public static UserGroupInformation createUgi()
{
try{
UserGroupInformation ugi = null;
String principal = "hive/cdh-542-kerberos.domain.com@REALMDOMAIN"
String keyTabLocation = "hive.keytab"
logger.debug("principal:" + principal);
logger.debug("keyTabLocation:" + keyTabLocation);
ugi = createkerbUser( principal, keyTabLocation);
return ugi;
}
catch(Exception e)
{
throw new BDEToolSecurityException(BDEToolSecurityException.SECURITYEXCPETION, e);
}
}
public static UserGroupInformation createkerbUser( String principal, String keyTabFilePath)
{
UserGroupInformation app_ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keyTabFilePath);
String user = getUserfromPrincipal(principal);
if(user.trim().length() > 0){
UserGroupInformation proxy_ugi = UserGroupInformation.createProxyUser(user, app_ugi);
return proxy_ugi;
}
return app_ugi;
}
private static String getUserfromPrincipal(String principal)
{
String user = Constants.emptyString;
if(principal.contains(Constants.fSlash)){
String[] tokens = principal.split(Constants.fSlash);
if(tokens.length > 1){
user = tokens[0];
}
}
return user;
}
This code is failing when it is trying to ugi.doAs() ...
with below exception
java.sql.SQLException: Could not open client transport with JDBC Uri: jdbc:hive2://cdh-542-kerberos.informatica.com:10000/default;principal=hive/cdh-542-kerberos.informatica.com@INFAQAKERB: GSS initiate failed
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:215)
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:163)
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:233)
at com.informatica.gcs.tools.bde.connectivity.tool.hive.HiveJdbcTest$1.run(HiveJdbcTest.java:148)
at com.informatica.gcs.tools.bde.connectivity.tool.hive.HiveJdbcTest$1.run(HiveJdbcTest.java:144)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
... 6 more
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:190)
... 15 more
Both the keytab and princiapl seems to be correct. I can successfully run the command
kinit -k -t hive.keytab hive/cdh-542-kerberos.informatica.com@INFAQAKERB
Can anybody help me further on this. I am stuck for almost a week on this problem. I can provide additional information, if required.
-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext
to debug your issue? – Samson Scharfrichter