Details
-
Task
-
Status: Closed
-
Minor
-
Resolution: Not A Problem
-
1.10.0
-
None
-
OS: Redhat Linux 6.7, HDP 2.5.3, Kerberos enabled, Hardware: VmWare
Description
I've setup Apace drill 1.10.0 on RHEL 6.7, HDP 2.5.3, kerberos enabled
I'm getting below error while running "drill-conf" or sqlline as user "drill" which is configured in the "drill-override.conf" file.
drill@host:/opt/drill/bin> drill-conf
Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?] (state=,code=0)
java.sql.SQLException: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?]
at org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:166)
at org.apache.drill.jdbc.impl.DrillJdbc41Factory.newDrillConnection(DrillJdbc41Factory.java:72)
at org.apache.drill.jdbc.impl.DrillFactory.newConnection(DrillFactory.java:69)
at org.apache.calcite.avatica.UnregisteredDriver.connect(UnregisteredDriver.java:143)
at org.apache.drill.jdbc.Driver.connect(Driver.java:72)
at sqlline.DatabaseConnection.connect(DatabaseConnection.java:167)
at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:213)
at sqlline.Commands.connect(Commands.java:1083)
at sqlline.Commands.connect(Commands.java:1015)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36)
at sqlline.SqlLine.dispatch(SqlLine.java:742)
at sqlline.SqlLine.initArgs(SqlLine.java:528)
at sqlline.SqlLine.begin(SqlLine.java:596)
at sqlline.SqlLine.start(SqlLine.java:375)
at sqlline.SqlLine.main(SqlLine.java:268)
Caused by: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?]
at org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:157)
at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:432)
at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:379)
at org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:157)
... 18 more
Caused by: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?]
at org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:204)
at org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:197)
at com.google.common.util.concurrent.AbstractCheckedFuture.checkedGet(AbstractCheckedFuture.java:85)
at org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:155)
... 21 more
Caused by: javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?
at org.apache.drill.exec.rpc.user.UserClient.getAuthenticatorFactory(UserClient.java:285)
at org.apache.drill.exec.rpc.user.UserClient.authenticate(UserClient.java:216)
... 22 more
apache drill 1.10.0
"this isn't your grandfather's sql"
Same error when running below command:
sqlline --maxWidth=10000 -u "jdbc:drill:drillbit=host1.fqdn;auth=kerberos;principal=drill/ladhdp@LAB.COM"
"Drill" user has has valid keytab/ticket.
The Drill UI is working fine with local authentication.
drill-override.conf file:
drill.exec: {
cluster-id: "drillbits1",
zk.connect: "host1.fqdn:2181,host2.fqdn:2181,host3.fqdn:2181",
security: {
user.auth.enabled: true,
user.auth.impl: "pam",
user.auth.pam_profiles: [ "sudo", "login" ],
packages += "org.apache.drill.exec.rpc.user.security",
auth.mechanisms: ["KERBEROS","PLAIN"],
auth.principal: "drill/labhdp@LAB.COM",
auth.keytab: "/opt/drill/.keytab/drill.keytab"
}
}
cat drill-env.sh | egrep -v '^#|^$' export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pam/JPam-1.1/"
