SASL Connections with Beeline or Impala to HiveServer2 Fails

(Doc ID 2031724.1)

Last updated on OCTOBER 11, 2016

Applies to:

Big Data Appliance Integrated Software - Version 4.0 and later
Linux x86-64

Symptoms

SASL connection using beeline client fails with below error ..

beeline> !connect jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf
scan complete in 2ms
Connecting to jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf
Enter username for jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf: oracle
Enter password for jdbc:hive2://bda1node04.***.com:10000/default;principal=hive/_HOST@BDA1.***.COM;saslQop=auth-conf: ******
15/06/11 16:04:36 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: No common protection layer between client and server


Also impala connections using SSL certificates fail

impala-shell --ssl --ca_cert /opt/cloudera/security/jks/impala/node_certificate.pem
Starting Impala Shell without Kerberos authentication
SSL is enabled
Error connecting: TTransportException, Could not connect to bda1node01.***.com:21000
Kerberos ticket found in the credentials cache, retrying the connection with a secure transport.
Error connecting: TTransportException, Could not connect to bda1node01.***.com:21000
Welcome to the Impala shell. Press TAB twice to see a list of available commands.

Copyright (c) 2012 Cloudera, Inc. All rights reserved.

(Shell build version: Impala Shell v1.4.1-cdh5 (201c660) built on Mon Aug 25 18:34:09 PDT 2014)
[Not connected] >

 Beeline or Impala connections work when SASL is not used.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms