Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.1.0
-
None
-
None
-
Hive 2.1.0, Hadoop 2.7.2
Description
WebHCat fails to start when the property "templeton.kerberos.principal" doesn't contain the FQDN. The following will create an error
<property>
<name>templeton.kerberos.principal</name>
<value>webhcat/_HOST@SANDBOX.HADOOP</value>
<description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
</property>
The following will work:
<property>
<name>templeton.kerberos.principal</name>
<value>webhcat/webhcat.bigdata.fr@SANDBOX.HADOOP</value>
<description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
</property>
The error produced when _HOST is used is:
Oct 25 10:35:03 webhcat.bigdata.fr webhcat ERROR - org.apache.hive.hcatalog.templeton.MainServer failed to start:
java.io.IOException: Login failure for webhcat/_HOST@SANDBOX.HADOOP from keytab /opt/application/Hive/current/hcatalog/keytabs/webhcat.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962) ~[hadoop-common-2.7.2.jar:?]
at org.apache.hive.hcatalog.templeton.Main.runServer(Main.java:169) ~[hive-webhcat-2.1.0.jar:2.1.0]
at org.apache.hive.hcatalog.templeton.Main.run(Main.java:123) [hive-webhcat-2.1.0.jar:2.1.0]
at org.apache.hive.hcatalog.templeton.Main.main(Main.java:306) [hive-webhcat-2.1.0.jar:2.1.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
at org.apache.hadoop.util.RunJar.run(RunJar.java:221) [hadoop-common-2.7.2.jar:?]
at org.apache.hadoop.util.RunJar.main(RunJar.java:136) [hadoop-common-2.7.2.jar:?]
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856) ~[?:1.7.0_101]
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719) ~[?:1.7.0_101]
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) ~[?:1.7.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) ~[?:1.7.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595) ~[?:1.7.0_101]
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953) ~[hadoop-common-2.7.2.jar:?]
... 9 more