Phoenix Thin (EMR) Kerberos SPNEGO not working in DataGrip

Hi Team,

I am trying to connect to Apache Phoenix (Thin client) running on AWS EMR (version 7.8) with Kerberos enabled.

Setup:

• EMR with HBase + Phoenix + Kerberos
• Phoenix Query Server (PQS) is running on port 8765
• Authentication is SPNEGO (HTTP Kerberos)

What is working:

• kinit using keytab works:
  kinit -kt phoenixuser.keytab phoenixuser@REALM
• Ticket is visible via klist
• Service ticket also works:
  kvno HTTP/
• curl works:
  curl --negotiate -u : http://:8765
  (returns HTTP 400, which is expected)

So Kerberos + PQS setup is working correctly.

DataGrip configuration:

• Driver: Apache Phoenix Thin
• URL:
  jdbc:phoenix:thin:url=http://:8765;authentication=SPNEGO
• Tried both:
  1. Using kinit (ticket cache)
  2. Providing keytab + principal in UI

Issues:

• Connection fails from DataGrip
• Keytab field in UI only accepts folder, not file
• It does not seem to pick up Kerberos ticket (MIT kinit)
• SPNEGO authentication does not complete

Questions:

1. Is Phoenix Thin driver with Kerberos (SPNEGO) supported in DataGrip?
2. Should DataGrip use MIT Kerberos ticket cache on Windows?
3. Is JAAS configuration required for this setup?
4. Is there any working example for Phoenix Thin + Kerberos?

Additional clarification needed on,

I understand DataGrip seems does not directly support HBase as a datasource.

However, I am connecting via Apache Phoenix Thin driver (HTTP-based), which sits on top of HBase.

My question is specifically about Kerberos (SPNEGO) support for such HTTP-based drivers.

Is this scenario officially supported, or are there known limitations?Any guidance would be helpful.

Thanks!