"GSSException: No valid credentials provided" Error When Connecting to the BDA from R After Adding Kerberos Using JDBC Hive or Impala Drivers from Client

(Doc ID 2057381.1)

Last updated on SEPTEMBER 18, 2015

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 and later
Linux x86-64


Having connection issues using the jdbc driver for Hive or Impala from R code after enabling Kerberos. Prior to enabling Kerberos it was possible to connect and run queries against the BDA hiveserver2 via this connection string of R code:

conn <- dbConnect(drv, "jdbc:hive2://1*.***.**.***:21050/retention;auth=noSasl")

That no longer works since enabling Kerberos.

When trying with the following connection string an error like below is observed:

conn <- dbConnect(drv, "jdbc:hive2://1*.***.**.***:10000/dev;principal=hive/bda1node04@<REALM NAME>" )

Observe an error like this:

ERROR [main] transport.TSaslTransport (TSaslTransport.java:open(296)) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]


Checking the encryption types as a user that can kinit with the command below shows a different type than on the BDA:

$ klist -ef

 Example: this shows the encryption on the client:

Etype (skey, tkt): aes256-cts-hmac-sha1-96

Compared to the BDA which would show something more like:


Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96



Checking security policies may show older policies on the client.

# cd /usr/java/default/jre/lib/security
# ls -ltr


Check the following policy files under /usr/java/default/jre/lib/security and compare to the BDA cluster nodes for date/size:




Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms