Connecting to a kerberized Impala daemon
Using an impala-shell session you can connect to an impalad daemon to issue queries. When you connect to an impalad, it coordinates the execution of all queries sent to it. You can run impala-shell to connect to a Kerberized Impala instance over HTTP in a cluster.
Kerberos is an enterprise-grade authentication system Impala supports. Kerberos provides strong security benefits including capabilities that render intercepted authentication packets unusable by an attacker. It virtually eliminates the threat of impersonation by never sending a user's credentials in cleartext over the network. Cloudera recommends using impala-shell with Kerberos authentication for strong security benefits while accessing an Impala instance.
- Locate the hostname that is running the impalad daemon.
- 28000 is the default port impalad daemon uses to transmit commands and receive results from client applications over HTTP using the HiveServer2 protocol. Ensure that this port is open.
- Ensure that the host running impala-shell has a preexisting kinit-cached Kerberos ticket that impala-shell can pass to the Impala server automatically without the need for the user to reenter the password.
- To override any client connection errors, you should run the kinit command to retrieve the Ticket Granting Ticket or to extend it if it has already expired.
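The prerequisites above can be checked before launching the shell. The following preflight script is an added example, not part of the original documentation: it fails closed if no valid ticket is cached or the port is unreachable, and only then prints the connection command. The hostname `impalad.example.com` is a placeholder, the function names are hypothetical, and the command line assumes impala-shell's `-i`, `-k` and `--protocol=hs2-http` options.

```shell
#!/bin/sh
# Added example: preflight checks for impala-shell over HTTP with Kerberos.
# Assumptions: MIT Kerberos klist, coreutils timeout, and bash are installed.

has_valid_ticket() {
    # klist -s is silent; exit status 0 means the credential cache
    # holds a ticket that has not expired.
    klist -s 2>/dev/null
}

port_open() {
    # Try a TCP connect with a 5 second limit. Host and port are passed
    # as arguments, not interpolated into the command string.
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

impala_cmd() {
    # 28000 is the default HiveServer2-over-HTTP port named on this page.
    printf 'impala-shell -i %s:%s -k --protocol=hs2-http\n' "$1" "${2:-28000}"
}

preflight() {
    # Usage: preflight HOST [PORT]
    # Returns 2 when no ticket is cached, 3 when the port is unreachable.
    if ! has_valid_ticket; then
        echo "no valid Kerberos ticket in cache: run kinit first" >&2
        return 2
    fi
    if ! port_open "$1" "${2:-28000}"; then
        echo "cannot reach $1:${2:-28000}" >&2
        return 3
    fi
    impala_cmd "$1" "${2:-28000}"
}

# Run the checks only when a host is given on the command line.
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Run it as `sh preflight.sh impalad.example.com` and execute the printed command once both checks pass.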