Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.5.2, 4.8.0
-
None
-
None
-
None
-
Kerberized
Description
When using Phoenix jdbc driver in a Kerberized environment and logging in with a keytab is not automatically renewed.
Expected:The ticket will be automatically renewed and the Phoenix driver will be able to write to the database.
Actual: The ticket is not renewed and driver loses access to the database.
2016-08-15 00:00:59.738 WARN AbstractRpcClient
[hconnection-0x4763c727-metaLookup-shared--pool1-t686] - Exception encountered
while connecting to the server : javax.security.sasl.Sa
slException: GSS initiate failed [Caused by GSSException: No valid credentials
provided (Mechanism level: Failed to find any Kerberos tgt)]
2016-08-15 00:00:59.739 ERROR AbstractRpcClient
[hconnection-0x4763c727-metaLookup-shared--pool1-t686] - SASL authentication
failed. The most likely cause is missing or invalid crede
ntials. Consider 'kinit'.
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException:
No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt)]
at
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java
:211)
at
org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClie
nt.java:179)
at
org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClie
ntImpl.java:611)
at
org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.ja
va:156)
at
org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
7)
at
org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
4)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.ja
Attachments
Issue Links
- is related to
-
PHOENIX-3189 HBase/ZooKeeper connection leaks when providing principal/keytab in JDBC url
- Closed
- links to