Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-5579

Kerberos not working for Kafka connector using ticket cache

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Not A Bug
    • None
    • None
    • Deployment / YARN
    • None

    Description

      Setup: security using Kerberos ticket cache, single Flink job deployed on YARN

      The Kerberos ticket cache doesn't seem to be picked up / sent to TaskManager containers when using the Kafka connector when deployed on YARN (when deployed using standalone, this works normally).

      Caused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication
       	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:74)
       	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:60)
       	at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:79)
       	at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:271)
       	... 23 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication
       	at com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:804)
       	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:675)
       	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:588)
       	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
       	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       	at java.lang.reflect.Method.invoke(Method.java:606)
       	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
       	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
       	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
       	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
       	at java.security.AccessController.doPrivileged(Native Method)
       	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
       	at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
       	at org.apache.kafka.common.security.kerberos.Login.login(Login.java:298)
       	at org.apache.kafka.common.security.kerberos.Login.<init>(Login.java:104)
       	at org.apache.kafka.common.security.kerberos.LoginManager.<init>(LoginManager.java:44)
       	at org.apache.kafka.common.security.kerberos.LoginManager.acquireLoginManager(LoginManager.java:85)
       	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:55)
       	... 26 more

      Attachments

        Activity

          People

            tzulitai Tzu-Li (Gordon) Tai
            tzulitai Tzu-Li (Gordon) Tai
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: