Hi, I wrote a Java client to talk with HiveMetaStore. (Hive 1.2.0) But found that it can't new a HiveMetaStoreClient object successfully via a proxy using in Kerberos env.
=========================== 15/10/13 00:14:38 ERROR transport.TSaslTransport: SASL negotiation failure javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94) at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) ========================== When I debugging on Hive, I found that the error came from open() method in HiveMetaStoreClient class. Around line 406, transport = UserGroupInformation.*getCurrentUser()*.doAs(new PrivilegedExceptionAction<TTransport>() { *//FAILED, because the current user doesn't have the cridential* But it will work if I change above line to transport = UserGroupInformation.*getCurrentUser().getRealUser()*.doAs(new PrivilegedExceptionAction<TTransport>() { *//PASS* With Google, *I found* 1. DRILL-3413 fixes this error in Drill side 2. HIVE-4984 (hive metastore should not re-use hadoop proxy configuration) mentioned related things, but the status is still OPEN *My Questions:* 1. Have you noticed this issue in HiveMetaStoreClient? If yes, will Hive plan to fix it? 2. Is the simple change (shown like above) in open() method in HiveMetaStoreClient enough? Thank you. - Bing