1

I am trying to use Impyla to connect to impala on a remote server (Server1). I am able to connect and query from my local to Server1 using the following:

from impala.dbapi import connect
import impala.util

conn = connect(host=my_impalad, port = 21050, auth_mechanism = 'GSSAPI', use_ssl = True)

However, when I try the same lines on Server2 trying to connect to Server1, I get the following error

thriftpy.transport.TTransportException: TTransportException(type=1, message='Could not start SASL: 
b\'Error in sasl_client_start (-1) SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may provide more information (Cannot find KDC for realm "_________")\'')

Why do this happen on Server2 but not from my local? Shouldn't it all be relative to Server1?

formicaman
  • 1,317
  • 3
  • 16
  • 32
  • `Cannot find KDC for realm` == the Kerberos client lib has no clue of how to contact the Kerberos authentication service (KDC). Hence it cannot obtain a TGT (proof of identity) then a service ticket (access token) for Impala. – Samson Scharfrichter Apr 13 '21 at 07:17
  • In case you care about the gory details of server-side Kerberos config : https://www.programmersought.com/article/82001468513/ >> basically your client needs only a subset of `/etc/krb5.conf` but it **needs** that subset – Samson Scharfrichter Apr 13 '21 at 07:20
  • @SamsonScharfrichter Is this an issue with the client (Server2)? I looked at the article but am still a little confused as to what subset of the `krb5.conf` needs to be added. Is it just the realms? – formicaman Apr 13 '21 at 11:50
  • In case of doubt, keep everything, and substract one item at a time. Or maybe read the docs. Whatever. – Samson Scharfrichter Apr 13 '21 at 11:52

0 Answers0