Pivotal Knowledge Base

Follow

On a secured cluster, Hive commands reports "Can't get Master Kerberos principal for use as renewer"

Environment

Product Version
Pivotal Hadoop 2.x
OS RHEL 6.x

Symptom

This article discusses how to fix the error shown in the example below.

hive> show tables;
OK
Failed with exception java.io.IOException:java.io.IOException: Can't get Master Kerberos principal for use as renewer
Time taken: 1.76 seconds
hive>

Cause

An incorrect URL path was used to connect to the JDBC in Hive2. You must specify the Kerberos principal name to be used for authentication.

Resolution

  1. Connect to Hive using the following example in the Hive Beeline client.
    jdbc:hive2://hdm1:10001> !connect jdbc:hive2://hdm1:10001/default;principal=hive/hdm1.gphd.local@KRB.SWCOE.GE.COM
    Connecting to jdbc:hive2://hdm1:10001/default;principal=hive/hdm1.gphd.local@KRB.SWCOE.GE.COM
    Enter username for jdbc:hive2://hdm1:10001/default;principal=hive/hdm1.gphd.local@KRB.SWCOE.GE.COM: gpadmin
    Enter password for jdbc:hive2://hdm1:10001/default;principal=hive/hdm1.gphd.local@KRB.SWCOE.GE.COM: *******
    Connected to: Hive (version 0.12.0-gphd-3.0.1.0)
    Driver: Hive (version 0.12.0-gphd-3.0.1.0)
    Transaction isolation: TRANSACTION_REPEATABLE_READ
  2. Re-run show tables and confirm table list is returned.
     jdbc:hive2://hdm1:10001/default> show tables;
    +------------+
    |  tab_name  |
    +------------+
    | book       |
    | book1      |
    | book10     |
    | book3      |
    | book4      |
    | book5      |
    | book6      |
    | book7      |
    | book8      |
    | passwords  |
    | sample     |
    +------------+

Comments

Powered by Zendesk