My Oracle Support Banner

"GSSException: No valid credentials provided" Error When Connecting to the BDA from R After Adding Kerberos Using JDBC Hive or Impala Drivers from Client (Doc ID 2057381.1)

Last updated on JANUARY 13, 2020

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 and later
Linux x86-64

Symptoms

NOTE: In the examples that follow, user details, cluster names, hostnames, directory paths, filenames, etc. represent a fictitious sample (and are used to provide an illustrative example only). Any similarity to actual persons, or entities, living or dead, is purely coincidental and not intended in any manner.

  

Having connection issues using the jdbc driver for Hive or Impala from R code after enabling Kerberos. Prior to enabling Kerberos it was possible to connect and run queries against the BDA hiveserver2 via this connection string of R code:
  

conn <- dbConnect(drv, "jdbc:hive2://<IP_ADDRESS>:21050/retention;auth=noSasl")

  
That no longer works since enabling Kerberos.

When trying with the following connection string an error like below is observed:

conn <- dbConnect(drv, "jdbc:hive2://<IP_ADDRESS>:10000/dev;principal=hive/bda1node04@<REALM>" )

 
Observe an error like this:

ERROR [main] transport.TSaslTransport (TSaslTransport.java:open(296)) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
...

 

Checking the encryption types as a user that can kinit with the command below shows a different type than on the BDA:

$ klist -ef

 Example: this shows the encryption on the client:

Etype (skey, tkt): aes256-cts-hmac-sha1-96


Compared to the BDA which would show something more like:

...

Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96

...

  

Checking security policies may show older policies on the client.

# cd /usr/java/default/jre/lib/security
# ls -ltr

 

Check the following policy files under /usr/java/default/jre/lib/security and compare to the BDA cluster nodes for date/size:
US_export_policy.jar
local_policy.jar

 

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.