Uploaded image for project: 'Phoenix'
  1. Phoenix
  2. PHOENIX-3216

Kerberos ticket is not renewed when using Kerberos authentication with Phoenix JDBC driver

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.5.2, 4.8.0
    • Fix Version/s: None
    • Labels:
      None
    • Environment:

      Kerberized

      Description

      When using Phoenix jdbc driver in a Kerberized environment and logging in with a keytab is not automatically renewed.

      Expected:The ticket will be automatically renewed and the Phoenix driver will be able to write to the database.
      Actual: The ticket is not renewed and driver loses access to the database.

      2016-08-15 00:00:59.738 WARN AbstractRpcClient
      [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - Exception encountered
      while connecting to the server : javax.security.sasl.Sa
      slException: GSS initiate failed [Caused by GSSException: No valid credentials
      provided (Mechanism level: Failed to find any Kerberos tgt)]
      2016-08-15 00:00:59.739 ERROR AbstractRpcClient
      [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - SASL authentication
      failed. The most likely cause is missing or invalid crede
      ntials. Consider 'kinit'.
      javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException:
      No valid credentials provided (Mechanism level: Failed to find any Kerberos
      tgt)]
      at
      com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java
      :211)
      at
      org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClie
      nt.java:179)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClie
      ntImpl.java:611)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.ja
      va:156)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
      7)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
      4)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.ja

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dbahir Dan Bahir
                Reporter:
                dbahir Dan Bahir
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: