Mailing-List: contact issues-help@hive.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@hive.apache.org
Date: Thu, 23 Jun 2016 13:24:16 +0000 (UTC)
From: "Aihua Xu (JIRA)" <jira@apache.org>
To: issues@hive.apache.org
Message-ID: <JIRA.12728080.1405639527000.9802.1466688256303@Atlassian.JIRA>
In-Reply-To: <JIRA.12728080.1405639527000@Atlassian.JIRA>
References: <JIRA.12728080.1405639527000@Atlassian.JIRA> <JIRA.12728080.1405639527800@arcas>
Subject: [jira] [Commented] (HIVE-7443) Fix HiveConnection to communicate
 with Kerberized Hive JDBC server and alternative JDKs
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
archived-at: Thu, 23 Jun 2016 13:24:18 -0000


    [ https://issues.apache.org/jira/browse/HIVE-7443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346426#comment-15346426 ] 

Aihua Xu commented on HIVE-7443:
--------------------------------

The tests are not related. TestSchedulerQueue was failing with hdfs issue and it passed on my local test.

> Fix HiveConnection to communicate with Kerberized Hive JDBC server and alternative JDKs
> ---------------------------------------------------------------------------------------
>
>                 Key: HIVE-7443
>                 URL: https://issues.apache.org/jira/browse/HIVE-7443
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC, Security
>    Affects Versions: 0.12.0, 0.13.1
>         Environment: Kerberos
> Run Hive server2 and client with IBM JDK7.1
>            Reporter: Yu Gao
>            Assignee: Aihua Xu
>         Attachments: HIVE-7443.2.patch, HIVE-7443.3.patch, HIVE-7443.patch
>
>
> Hive Kerberos authentication has been enabled in my cluster. I ran kinit to initialize the current login user's ticket cache successfully, and then tried to use beeline to connect to Hive Server2, but failed. After I manually added some logging to catch the failure exception, this is what I got that caused the failure:
> beeline>  !connect jdbc:hive2://<hiveserver.host>:10000/default;principal=hive/<hiveserver.host>@REALM.COM org.apache.hive.jdbc.HiveDriver
> scan complete in 2ms
> Connecting to jdbc:hive2://<hiveserver.host>:10000/default;principal=hive/<hiveserver.host>@REALM.COM
> Enter password for jdbc:hive2://<hiveserver.host>:10000/default;principal=hive/<hiveserver.host>@REALM.COM:
> 14/07/17 15:12:45 ERROR jdbc.HiveConnection: Failed to open client transport
> javax.security.sasl.SaslException: Failed to open client transport [Caused by java.io.IOException: Could not instantiate SASL transport]
>         at org.apache.hive.service.auth.KerberosSaslHelper.getKerberosTransport(KerberosSaslHelper.java:78)
>         at org.apache.hive.jdbc.HiveConnection.createBinaryTransport(HiveConnection.java:342)
>         at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:200)
>         at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:178)
>         at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)
>         at java.sql.DriverManager.getConnection(DriverManager.java:582)
>         at java.sql.DriverManager.getConnection(DriverManager.java:198)
>         at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:145)
>         at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:186)
>         at org.apache.hive.beeline.Commands.connect(Commands.java:959)
>         at org.apache.hive.beeline.Commands.connect(Commands.java:880)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:94)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
>         at java.lang.reflect.Method.invoke(Method.java:619)
>         at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:44)
>         at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:801)
>         at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:659)
>         at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:368)
>         at org.apache.hive.beeline.BeeLine.main(BeeLine.java:351)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:94)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
>         at java.lang.reflect.Method.invoke(Method.java:619)
>         at org.apache.hadoop.util.RunJar.main(RunJar.java:212)
> Caused by: java.io.IOException: Could not instantiate SASL transport
>         at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Client.createClientTransport(HadoopThriftAuthBridge20S.java:177)
>         at org.apache.hive.service.auth.KerberosSaslHelper.getKerberosTransport(KerberosSaslHelper.java:74)
>         ... 24 more
> Caused by: javax.security.sasl.SaslException: Failure to initialize security context [Caused by org.ietf.jgss.GSSException, major code: 13, minor code: 0
>         major string: Invalid credentials
>         minor string: SubjectCredFinder: no JAAS Subject]
>         at com.ibm.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:131)
>         at com.ibm.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:53)
>         at javax.security.sasl.Sasl.createSaslClient(Sasl.java:362)
>         at org.apache.thrift.transport.TSaslClientTransport.<init>(TSaslClientTransport.java:72)
>         at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Client.createClientTransport(HadoopThriftAuthBridge20S.java:169)
>         ... 25 more
> Caused by: org.ietf.jgss.GSSException, major code: 13, minor code: 0
>         major string: Invalid credentials
>         minor string: SubjectCredFinder: no JAAS Subject
>         at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:83)
>         at com.ibm.security.jgss.mech.krb5.Krb5Credential$SubjectCredFinder.run(Krb5Credential.java:1126)
>         at java.security.AccessController.doPrivileged(AccessController.java:330)
>         at com.ibm.security.jgss.mech.krb5.Krb5Credential.getClientCredsFromSubject(Krb5Credential.java:816)
>         at com.ibm.security.jgss.mech.krb5.Krb5Credential.getCredentials(Krb5Credential.java:388)
>         at com.ibm.security.jgss.mech.krb5.Krb5Credential.init(Krb5Credential.java:196)
>         at com.ibm.security.jgss.mech.krb5.Krb5Credential.<init>(Krb5Credential.java:168)
>         at com.ibm.security.jgss.mech.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:123)
>         at com.ibm.security.jgss.GSSManagerImpl.createMechCredential(GSSManagerImpl.java:294)
>         at com.ibm.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:137)
>         at com.ibm.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:69)
>         at com.ibm.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:169)
>         at com.ibm.security.jgss.GSSContextImpl.init(GSSContextImpl.java:157)
>         at com.ibm.security.jgss.GSSContextImpl.<init>(GSSContextImpl.java:102)
>         at com.ibm.security.jgss.GSSManagerImpl.createContext(GSSManagerImpl.java:183)
>         at com.ibm.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:110)
>         ... 29 more
> Error: Invalid URL: jdbc:hive2://<hiveserver.host>:10000/default;principal=hive/<hiveserver.host>@REALM.COM (state=08S01,code=0)


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)