You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@druid.apache.org by Furkan KAMACI <fu...@gmail.com> on 2021/08/28 10:05:16 UTC

Druid Kerberos Error

Hi,

I get an error when trying to enable Kerberos at Druid cluster.

*This is from router logs:*

2021-08-26T10:38:10,391 WARN [qtp223566397-107]
org.apache.druid.security.kerberos.KerberosAuthenticator -
AuthenticationToken ignored:
org.apache.hadoop.security.authentication.util.SignerException: Invalid
signed text:

2021-08-26T10:38:10,391 WARN [qtp223566397-109]
org.apache.druid.security.kerberos.KerberosAuthenticator -
AuthenticationToken ignored:
org.apache.hadoop.security.authentication.util.SignerException: Invalid
signed text:

2021-08-26T10:38:33,861 ERROR [CoordinatorRuleManager-Exec--0]
org.apache.druid.server.router.CoordinatorRuleManager - Exception while
polling for rules

org.apache.druid.java.util.common.ISE: Error while polling rules,
status[403 Forbidden] content[<html>

<head>

<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>

<title>Error 403
org.apache.hadoop.security.authentication.util.SignerException: Invalid
signed text: </title>

</head>

<body><h2>HTTP ERROR 403
org.apache.hadoop.security.authentication.util.SignerException: Invalid
signed text: </h2>

<table>

<tr><th>URI:</th><td>/druid/coordinator/v1/rules</td></tr>

<tr><th>STATUS:</th><td>403</td></tr>

<tr><th>MESSAGE:</th><td>org.apache.hadoop.security.authentication.util.SignerException:
Invalid signed text: </td></tr>

<tr><th>SERVLET:</th><td>default</td></tr>

</table>

</body>

</html>


*This is from broker log:*

2021-08-26T10:43:35,360 WARN [DruidSchema-Cache-0]
org.apache.druid.server.QueryLifecycle - Exception while processing queryId
[a0d9d4a8-ef13-42f5-84d9-daad68f10814]
(QueryInterruptedException{msg=Invalid type marker byte 0x3c for expected
value token

at [Source: (SequenceInputStream); line: -1, column: 1], code=Unknown
exception, class=com.fasterxml.jackson.core.JsonParseException, host=
abc.dbgt.com:8083})

2021-08-26T10:43:35,360 WARN [DruidSchema-Cache-0]
org.apache.druid.sql.calcite.schema.DruidSchema - Metadata refresh failed,
trying again soon.

org.apache.druid.query.QueryInterruptedException: Invalid type marker byte
0x3c for expected value token

at [Source: (SequenceInputStream); line: -1, column: 1]

*Here is my config:*

druid.auth.authenticatorChain=["kerberos"]

# kerberos authentication

druid.auth.authenticator.kerberos.type=kerberos

druid.auth.authenticator.kerberos.serverPrincipal=XXXXX

druid.auth.authenticator.kerberos.serverKeytab=/home/XXXXX.kt

druid.auth.authenticator.kerberos.authorizerName=SASL_PLAINTEXT

druid.escalator.type=kerberos

druid.escalator.internalClientPrincipal=XXXXXX

druid.escalator.internalClientKeytab=/home/XXXXX.kt

druid.escalator.authorizerName=SASL_PLAINTEXT

*Here is the plugins:*

druid.extensions.loadList=["druid-histogram",
"druid-kafka-indexing-service", "druid-datasketches",
"druid-lookups-cached-global", "postgresql-metadata-storage",
"druid-kerberos", "druid-basic-security"]

What can be the reason for that?

Kind Regards,
Furkan KAMACI