You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Sergey Soldatov (JIRA)" <ji...@apache.org> on 2016/04/02 01:34:26 UTC
[jira] [Created] (PHOENIX-2817) Phoenix-Spark plugin doesn't work
in secured env
Sergey Soldatov created PHOENIX-2817:
----------------------------------------
Summary: Phoenix-Spark plugin doesn't work in secured env
Key: PHOENIX-2817
URL: https://issues.apache.org/jira/browse/PHOENIX-2817
Project: Phoenix
Issue Type: Bug
Affects Versions: 4.4.0, 4.7.0
Reporter: Sergey Soldatov
Assignee: Sergey Soldatov
When phoenix spark plugin is used with secured setup any attempt to perform operation with PhoenixRDD cause an exception :
{noformat}
Caused by: java.io.IOException: Login failure for 2181 from keytab /hbase: javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:275)
at org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
at org.apache.hadoop.hbase.security.User.login(User.java:253)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:282)
... 107 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
... 111 more
{noformat}
The reason is the how zkUrl is handled in PhoenixRDD:
{noformat}
config.set(HConstants.ZOOKEEPER_QUORUM, url )
{noformat}
At the same time the {{ConnectionUtil.getInputConnection}} expects to see all parameters (quorum address, port, znodeParent) in different Configuration properties. As the result it gets default values for port and znodeParent and adds it to the provided url, so the {{PhoenixEmbededDriver.create}} receives something like that:
{noformat}
jdbc:phoenix:quorum:2181:/hbase-secure:2181:/hbase
{noformat}
and consider 2 fields as kerberos principal and keytab.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)