Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-15052

Webhcat can't handle "_HOST" in templeton.kerberos.principal

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.1.0
    • Fix Version/s: None
    • Component/s: WebHCat
    • Labels:
      None
    • Environment:

      Hive 2.1.0, Hadoop 2.7.2

      Description

      WebHCat fails to start when the property "templeton.kerberos.principal" doesn't contain the FQDN. The following will create an error

              <property>
                      <name>templeton.kerberos.principal</name>
                      <value>webhcat/_HOST@SANDBOX.HADOOP</value>
                      <description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
              </property>
      

      The following will work:

              <property>
                      <name>templeton.kerberos.principal</name>
                      <value>webhcat/webhcat.bigdata.fr@SANDBOX.HADOOP</value>
                      <description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
              </property>
      

      The error produced when _HOST is used is:

      Oct 25 10:35:03 webhcat.bigdata.fr webhcat ERROR - org.apache.hive.hcatalog.templeton.MainServer failed to start:
      java.io.IOException: Login failure for webhcat/_HOST@SANDBOX.HADOOP from keytab /opt/application/Hive/current/hcatalog/keytabs/webhcat.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
      
              at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962) ~[hadoop-common-2.7.2.jar:?]
              at org.apache.hive.hcatalog.templeton.Main.runServer(Main.java:169) ~[hive-webhcat-2.1.0.jar:2.1.0]
              at org.apache.hive.hcatalog.templeton.Main.run(Main.java:123) [hive-webhcat-2.1.0.jar:2.1.0]
              at org.apache.hive.hcatalog.templeton.Main.main(Main.java:306) [hive-webhcat-2.1.0.jar:2.1.0]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101]
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101]
              at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
              at org.apache.hadoop.util.RunJar.run(RunJar.java:221) [hadoop-common-2.7.2.jar:?]
              at org.apache.hadoop.util.RunJar.main(RunJar.java:136) [hadoop-common-2.7.2.jar:?]
      Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
      
              at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856) ~[?:1.7.0_101]
              at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719) ~[?:1.7.0_101]
              at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) ~[?:1.7.0_101]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101]
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101]
              at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) ~[?:1.7.0_101]
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) ~[?:1.7.0_101]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) ~[?:1.7.0_101]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) ~[?:1.7.0_101]
              at java.security.AccessController.doPrivileged(Native Method) ~[?:1.7.0_101]
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) ~[?:1.7.0_101]
              at javax.security.auth.login.LoginContext.login(LoginContext.java:595) ~[?:1.7.0_101]
              at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953) ~[hadoop-common-2.7.2.jar:?]
              ... 9 more
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              BigDataOrange Alexandre Linte
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: