0

I'm working with Impala Cloudera setup to read data from db. Below java code is provided to connect(runs on the server successfully) and get data from db with Kerberos auth.

Java code I use: 

private static void init() {
                System.setProperty("sun.security.krb5.debug", "true");
                System.setProperty("java.security.krb5.conf", "server-path/krb5.conf");
                System.setProperty("java.security.auth.login.config", "server-path/jaas.conf");
        }

        private static void createConnection() throws Exception {

                Connection conn = null;
                PreparedStatement pstmt = null;
                try {
                        init();
                        Class.forName("com.cloudera.impala.jdbc4.Driver");

                        // Authenticating Kerberos principal
                        System.out.println("Principal Authentication: ");
                        final String user = "user";
                        final String keyPath = "conserver-path/user.keytab";

                        org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration();
                        conf.set("hadoop.security.authentication", "Kerberos");
                        UserGroupInformation.setConfiguration(conf);
                        UserGroupInformation.loginUserFromKeytab(user, keyPath);

                        conn = DriverManager.getConnection("jdbc:impala://ipaddress;AuthMech=1;KrbRealm=realm;KrbHostFQDN=fqdn;KrbServiceName=impala",
                                                        "user", "pwd");
                        System.out.println(conn);
                        System.out.println("=========================================================================");

                        String query = "select count(*) from tableName";
                        System.out.println("Connection :" + conn);
                        pstmt = conn.prepareStatement(query);
                        ResultSet rs = pstmt.executeQuery();
                        System.out.println(rs);
                        System.out.println("--------------------------------------------");

                        while (rs != null && rs.next()) {
//                              System.out.println(rs.getFetchSize());
                                System.out.println(rs.getInt(1));
                        }
                } catch(Exception e) {
                        e.printStackTrace();
                } finally {
                        if(pstmt != null) pstmt.close();
                        if(conn != null) conn.close();
                }
        }

I have an issue while running the same from local/windows environment to connect to server/Cloudera Impala database. Have copied jaas.conf, kerb5.conf, user.keytab to the local path but program throws: 

>>> Found no TGT's in LSA
java.sql.SQLException: [Simba][ImpalaJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Princpal Name for authentication.
        at com.cloudera.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
        at com.cloudera.hivecommon.api.HiveServer2ClientFactory.createClient(Unknown Source)
        at com.cloudera.hivecommon.core.HiveJDBCCommonConnection.establishConnection(Unknown Source)
        at com.cloudera.impala.core.ImpalaJDBCConnection.establishConnection(Unknown Source)
        at com.cloudera.jdbc.core.LoginTimeoutConnection.connect(Unknown Source)
        at com.cloudera.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
        at com.cloudera.jdbc.common.AbstractDriver.connect(Unknown Source)
        at java.sql.DriverManager.getConnection(DriverManager.java:571)
        at java.sql.DriverManager.getConnection(DriverManager.java:215)
        at Com.connection.impala.TestImpala.createConnection(TestImpala.java:50)
Caused by: com.cloudera.support.exceptions.GeneralException: [Simba][ImpalaJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Princpal Name for authentication .
        ... 10 more

Read few links respective to Kerberos Constrained Delegation. Could not understand what and how exactly the steps should be followed.

Help me run and get the connection succesfully from windows machine.

srikanth
  • 958
  • 16
  • 37
  • What's in your `jaas.conf`? Are you running on Windows _(which would explain the mention of "LSA cache" which is Microsoft-specific)_? Did you enable debug traces for JAAS configuration parser, to understand why it (probably) fails to understand your conf file and reverts to the default cache, without success? – Samson Scharfrichter May 18 '18 at 20:01
  • Firstly, would it be possible to connect from windows? to be more specific, I have picked .conf files from my Linux box to windows. – srikanth May 19 '18 at 10:45
  • Kerberos + Hadoop on Windows is... complicated. Cf. https://jaceklaskowski.gitbooks.io/mastering-apache-spark/content/spark-tips-and-tricks-running-spark-windows.html for how to download a (non-official) Windows build of the "native libraries", then how to configure env variables to have the hadoop client JARs point to these _(could be done with Java properties also, BTW)_ – Samson Scharfrichter May 19 '18 at 12:07
  • But anyway, **you don't need an UGI** to connect via JDBC -- can be done with a proper `jaas.conf`, and then you don't need the Haddop client JARs nor the Hadoop "native libs" > cf. https://stackoverflow.com/questions/42477466/error-when-connect-to-impala-with-jdbc-under-kerberos-authrication/ – Samson Scharfrichter May 19 '18 at 12:12
  • And since debugging `krb5.conf` / `jaas.conf` syntax errors is tricky (they are not logged by default) be aware of the following trace flags: `-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext` – Samson Scharfrichter May 19 '18 at 12:14

0 Answers0