My Oracle Support Banner

SASL Connections with Beeline or Impala to HiveServer2 Fails (Doc ID 2031724.1)

Last updated on NOVEMBER 29, 2017

Applies to:

Big Data Appliance Integrated Software - Version 4.0 and later
Linux x86-64


SASL connection using beeline client fails with below error ..

beeline> !connect jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf
scan complete in 2ms
Connecting to jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf
Enter username for jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf: oracle
Enter password for jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf: ******
15/06/11 16:04:36 [main]: ERROR transport.TSaslTransport: SASL negotiation failure No common protection layer between client and server

Also impala connections using SSL certificates fail

impala-shell --ssl --ca_cert /opt/cloudera/security/jks/impala/node_certificate.pem
Starting Impala Shell without Kerberos authentication
SSL is enabled
Error connecting: TTransportException, Could not connect to bda1node01.***.com:21000
Kerberos ticket found in the credentials cache, retrying the connection with a secure transport.
Error connecting: TTransportException, Could not connect to bda1node01.***.com:21000
Welcome to the Impala shell. Press TAB twice to see a list of available commands.

Copyright (c) 2012 Cloudera, Inc. All rights reserved.

(Shell build version: Impala Shell v1.4.1-cdh5 (201c660) built on Mon Aug 25 18:34:09 PDT 2014)
[Not connected] >

 Beeline or Impala connections work when SASL is not used.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.