phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-3216) Kerberos ticket is not renewed when using Kerberos authentication with Phoenix JDBC driver
Date Mon, 29 Aug 2016 15:58:21 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15446263#comment-15446263
] 

ASF GitHub Bot commented on PHOENIX-3216:
-----------------------------------------

GitHub user dbahir opened a pull request:

    https://github.com/apache/phoenix/pull/203

    [PHOENIX-3216] Kerberos ticket is not renewed when using Kerberos authentication with
Phoenix JDBC driver

    Kerberos ticket is not renewed when using Kerberos authentication with Phoenix JDBC driver.
That is caused by UserInformationGroup loginUserFromKeytab being called multiple time from
different threads if using a multi threaded environment. this fix ensures that there will
only be one login per process.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/dbahir/phoenix master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/phoenix/pull/203.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #203
    
----
commit 37789fcfa1b322fac64bdebb9fb903313b3c1686
Author: Dan <dbahir@bloomberg.net>
Date:   2016-08-29T15:52:57Z

    Ensure UGI's loginUserFromKeytab is only called once per JVM

----


> Kerberos ticket is not renewed when using Kerberos authentication with Phoenix JDBC driver
> ------------------------------------------------------------------------------------------
>
>                 Key: PHOENIX-3216
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3216
>             Project: Phoenix
>          Issue Type: Bug
>    Affects Versions: 4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.5.2, 4.8.0
>         Environment: Kerberized
>            Reporter: Dan Bahir
>            Assignee: Dan Bahir
>             Fix For: 4.9.0, 4.8.1
>
>
> When using Phoenix jdbc driver in a Kerberized environment and logging in with a keytab
is not automatically renewed.
> Expected:The ticket will be automatically renewed and the Phoenix driver will be able
to write to the database.
> Actual: The ticket is not renewed and driver loses access to the database.
> 2016-08-15 00:00:59.738 WARN  AbstractRpcClient 
> [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - Exception encountered 
> while connecting to the server : javax.security.sasl.Sa
> slException: GSS initiate failed [Caused by GSSException: No valid credentials 
> provided (Mechanism level: Failed to find any Kerberos tgt)]
> 2016-08-15 00:00:59.739 ERROR AbstractRpcClient 
> [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - SASL authentication 
> failed. The most likely cause is missing or invalid crede
> ntials. Consider 'kinit'.
> javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: 
> No valid credentials provided (Mechanism level: Failed to find any Kerberos 
> tgt)]
>         at 
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java
> :211)
>         at 
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClie
> nt.java:179)
>         at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClie
> ntImpl.java:611)
>         at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.ja
> va:156)
>         at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
> 7)
>         at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
> 4)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAs(Subject.ja



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message