Uploaded image for project: 'Phoenix'
  1. Phoenix
  2. PHOENIX-3216

Kerberos ticket is not renewed when using Kerberos authentication with Phoenix JDBC driver

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.5.2, 4.8.0
    • None
    • None
    • None
    • Kerberized

    Description

      When using Phoenix jdbc driver in a Kerberized environment and logging in with a keytab is not automatically renewed.

      Expected:The ticket will be automatically renewed and the Phoenix driver will be able to write to the database.
      Actual: The ticket is not renewed and driver loses access to the database.

      2016-08-15 00:00:59.738 WARN AbstractRpcClient
      [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - Exception encountered
      while connecting to the server : javax.security.sasl.Sa
      slException: GSS initiate failed [Caused by GSSException: No valid credentials
      provided (Mechanism level: Failed to find any Kerberos tgt)]
      2016-08-15 00:00:59.739 ERROR AbstractRpcClient
      [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - SASL authentication
      failed. The most likely cause is missing or invalid crede
      ntials. Consider 'kinit'.
      javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException:
      No valid credentials provided (Mechanism level: Failed to find any Kerberos
      tgt)]
      at
      com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java
      :211)
      at
      org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClie
      nt.java:179)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClie
      ntImpl.java:611)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.ja
      va:156)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
      7)
      at
      org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
      4)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.ja

      Attachments

        Issue Links

          Activity

            People

              dbahir Dan Bahir
              dbahir Dan Bahir
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: