Reputation: 143
Can't get Kerberos realm
I am new to Kerberos/hive, want to connect hive (Kerberos implemented) using JDBC.
> > org.apache.hadoop.conf.Configuration conf = new
> > org.apache.hadoop.conf.Configuration();
> > conf.set("hadoop.security.authentication", "Kerberos");
> > UserGroupInformation.setConfiguration(conf);
> > UserGroupInformation.loginUserFromKeytab("<principal>", "<path to keytab file>");
> >
> >
> > Class.forName(Util.getConstantProperty("hive.class.name"));
> >
> > log.info("Making connection with Hive DB"); hiveConn =
> > DriverManager.getConnection("<hive db url>",,"hive.user","");
getting error:
2018-10-29 20:32:50 ERROR ConnectionHandler:80 - java.lang.IllegalArgumentException: Can't get Kerberos realm java.lang.IllegalArgumentException: Can't get Kerberos realm
at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:65)
at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:263)
at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:299)
at utils.ConnectionHandler.connectHiveDB(ConnectionHandler.java:58)
Upvotes: 2
Views: 17758
Answers (2)
Reputation: 3604
Quick Explanation
If using a krb5.conf
ensure you have set
[libdefaults]
default_realm=EXAMPLE.COM
If not using a krb5.conf set both
java.security.krb5.kdcjava.security.krb5.realm
Further Reading
For reference, source for KerberosUtil
And the underlying kerberos library getDefaultRealm
Notice that by default getDefaultRealm looks in your krb5.conf default_realm:
get("libdefaults", "default_realm");
There is another place realm can be defined.... via the property:
java.security.krb5.realm
This value is silently ignored, if the kdc is not ALSO defined via java.security.krb5.kdc
This fact is documented here
Upvotes: 1
Reputation: 549
in addition the suggestion from Prazy in the comments
Don't forget to set the default realm in the krb5.conf
and if you still have problems add the kerberos debug into your comand line
export HADOOP_OPTS="-Dsun.security.krb5.debug=true"
export HADOOP_ROOT_LOGGER=DEBUG,console
Upvotes: 1
Related Questions
- Hive JDBC Kerberos Connectivity error
- obtaining Kerberos ticker for hdfs user throws an error
- How to connect with HIVE via R with Kerberos keytab?
- Hadoop authentication with Kerberos error
- Kerberos kadmin service error
- How to setup Kerberos realm without domain name
- Exception while connecting to Hive using JDBC and Kerberos authentication
- "Can't get Kerberos realm" on yarn cluster
- Connecting to HIVE in Mapper with Kerberos security
- Issue on Hadoop CDH4.1.2 configuring with kerberos