drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sudheesh Katkam <skat...@maprtech.com>
Subject Re: Authentication with PAM fails with Centos 7
Date Tue, 13 Sep 2016 21:25:34 GMT
Hi Pradeeban,

I am not entirely sure what the problem is. The important part from the stack trace is here:

> Invalid user credentials: PAM profile 'pkathi2' validation failed


From code <https://github.com/apache/drill/blob/master/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/security/PamUserAuthenticator.java#L62>,
this error message says that verification against a PAM profile named “pkathi2” failed.

+ So in your case, looks like both username and PAM profile name are the same?
+ We have tested the feature in Centos 6 against “login” and “sudo” profiles. So maybe
some PAM configuration issue specific to “pkathi2” and/or Centos 7?
+ Drill internally uses JPAM <http://jpam.sourceforge.net/> as bridge to PAM. So as
a last resort, you may need to ensure JPAM is working on Centos 7. If you are comfortable
running tests in Java, try this test <https://github.com/gregrluck/jpam/blob/master/src/test/java/net/sf/jpam/PamTest.java>.

Thank you,
Sudheesh

> On Sep 12, 2016, at 10:04 AM, Pradeeban Kathiravelu <kk.pradeeban@gmail.com> wrote:
> 
> Hi,
> I have configured Drill with authentication using PAM successfully several
> times in Ubuntu (14.04 and 16.04). However, when I try to do the same with
> Centos 7 (I have sudo access to this), it fails.
> 
> Please note that this is a simple embedded Drill instance, and it works
> without the authentication configured.
> 
> I followed the same steps -
> https://drill.apache.org/docs/configuring-user-authentication/ for
> authentication. The credentials are correct (despite the error logs
> suggesting them to be wrong below).
> 
> 
> $DRILL_HOME/bin/drill-embedded -n pkathi2 -p *****************
> Java HotSpot(TM) 64-Bit Server VM warning: ignoring option
> MaxPermSize=512M; support was removed in 8.0
> set 12, 2016 12:58:40 PM org.glassfish.jersey.server.ApplicationHandler
> initialize
> INFO: Initiating Jersey application, version Jersey: 2.8 2014-04-29
> 01:25:26...
> set 12, 2016 12:58:41 PM org.glassfish.jersey.internal.Errors logErrors
> WARNING: The following warnings have been detected: HINT: A HTTP GET
> method, public void
> org.apache.drill.exec.server.rest.LogInLogOutResources.logout(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
> throws java.lang.Exception, returns a void type. It can be intentional and
> perfectly fine, but it is a little uncommon that GET method returns always
> "204 No Content".
> 
> Error: Failure in connecting to Drill:
> org.apache.drill.exec.rpc.RpcException: HANDSHAKE_VALIDATION : Status:
> AUTH_FAILED, Error Id: 3f791614-a251-40b2-aa36-d02200f4cb6e, Error message:
> Invalid user credentials: PAM profile 'pkathi2' validation failed
> (state=,code=0)
> java.sql.SQLException: Failure in connecting to Drill:
> org.apache.drill.exec.rpc.RpcException: HANDSHAKE_VALIDATION : Status:
> AUTH_FAILED, Error Id: 3f791614-a251-40b2-aa36-d02200f4cb6e, Error message:
> Invalid user credentials: PAM profile 'pkathi2' validation failed
>    at
> org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:159)
>    at
> org.apache.drill.jdbc.impl.DrillJdbc41Factory.newDrillConnection(DrillJdbc41Factory.java:64)
>    at
> org.apache.drill.jdbc.impl.DrillFactory.newConnection(DrillFactory.java:69)
>    at
> net.hydromatic.avatica.UnregisteredDriver.connect(UnregisteredDriver.java:126)
>    at org.apache.drill.jdbc.Driver.connect(Driver.java:72)
>    at sqlline.DatabaseConnection.connect(DatabaseConnection.java:167)
>    at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:213)
>    at sqlline.Commands.connect(Commands.java:1083)
>    at sqlline.Commands.connect(Commands.java:1015)
>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>    at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>    at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>    at java.lang.reflect.Method.invoke(Method.java:483)
>    at
> sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36)
>    at sqlline.SqlLine.dispatch(SqlLine.java:742)
>    at sqlline.SqlLine.initArgs(SqlLine.java:528)
>    at sqlline.SqlLine.begin(SqlLine.java:596)
>    at sqlline.SqlLine.start(SqlLine.java:375)
>    at sqlline.SqlLine.main(SqlLine.java:268)
> Caused by: org.apache.drill.exec.rpc.RpcException: HANDSHAKE_VALIDATION :
> Status: AUTH_FAILED, Error Id: 3f791614-a251-40b2-aa36-d02200f4cb6e, Error
> message: Invalid user credentials: PAM profile 'pkathi2' validation failed
>    at
> org.apache.drill.exec.client.DrillClient$FutureHandler.connectionFailed(DrillClient.java:503)
>    at
> org.apache.drill.exec.rpc.user.QueryResultHandler$ChannelClosedHandler.connectionFailed(QueryResultHandler.java:389)
>    at
> org.apache.drill.exec.rpc.BasicClient$ConnectionMultiListener$HandshakeSendHandler.success(BasicClient.java:266)
>    at
> org.apache.drill.exec.rpc.BasicClient$ConnectionMultiListener$HandshakeSendHandler.success(BasicClient.java:249)
>    at
> org.apache.drill.exec.rpc.RequestIdMap$RpcListener.set(RequestIdMap.java:129)
>    at
> org.apache.drill.exec.rpc.BasicClient$ClientHandshakeHandler.consumeHandshake(BasicClient.java:294)
>    at
> org.apache.drill.exec.rpc.AbstractHandshakeHandler.decode(AbstractHandshakeHandler.java:57)
>    at
> org.apache.drill.exec.rpc.AbstractHandshakeHandler.decode(AbstractHandshakeHandler.java:29)
>    at
> io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:89)
>    at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
>    at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
>    at
> io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
>    at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
>    at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
>    at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:242)
>    at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
>    at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
>    at
> io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
>    at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
>    at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
>    at
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:847)
>    at
> io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:618)
>    at
> io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:329)
>    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:250)
>    at
> io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111)
>    at java.lang.Thread.run(Thread.java:744)
> Caused by: org.apache.drill.exec.rpc.RpcException: Status: AUTH_FAILED,
> Error Id: 3f791614-a251-40b2-aa36-d02200f4cb6e, Error message: Invalid user
> credentials: PAM profile 'pkathi2' validation failed
>    at
> org.apache.drill.exec.rpc.user.UserClient.validateHandshake(UserClient.java:133)
>    at
> org.apache.drill.exec.rpc.user.UserClient.validateHandshake(UserClient.java:53)
>    at
> org.apache.drill.exec.rpc.BasicClient$ConnectionMultiListener$HandshakeSendHandler.success(BasicClient.java:261)
>    ... 23 more
> apache drill 1.7.0
> "start your sql engine"
> 0: jdbc:drill:zk=local>
> 
> Any hint on what is going wrong?
> 
> Thank you.
> Regards,
> Pradeeban.
> -- 
> Pradeeban Kathiravelu.
> PhD Researcher, Erasmus Mundus Joint Doctorate in Distributed Computing,
> INESC-ID Lisboa / Instituto Superior Técnico, Universidade de Lisboa,
> Portugal.
> Biomedical Informatics Software Engineer, Emory University School of
> Medicine.
> 
> Blog: [Llovizna] http://kkpradeeban.blogspot.com/
> LinkedIn: www.linkedin.com/pub/kathiravelu-pradeeban/12/b6a/b03


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message