gohive Kerberos error: Bad SASL negotiation status: 4

The error occurs on connection to the HIVE from a Golang application using the gohive library.

SASL is Simple Authentication and Security Layer. SASL allows plug-in-based security. The application implements the SASL API and the application client can pass a SASL object to the application.

Hence, the application has multiple ways to authenticate with no code change.

Scenario

The access to Hive is fenced with Kerberos. The problem in my case was an issue with connection to the Hive.

Ensure the Kerberos server is accessible from local and pod

nc -z <server-ip> <port>

Expected output

Connection to <server-ip> port xxxxx[tcp/icl-twobase1] succeeded!

It is possible the KDC server is behind a firewall/ VPN. So we may need netops help.

Confirm the kinit success

env KRB5_TRACE=/dev/stdout kinit -kt key.name principal;
echo $?;
klist;

Confirm all environment variables are exported

This was the problem in my case. The connection to Hive expected setting up a bunch of…