Posted to dev@apex.apache.org by "Pramod Immaneni (JIRA)" <ji...@apache.org> on 2016/08/23 23:39:20 UTC

[jira] [Commented] (APEXCORE-515) Refresh tokens failing in some scenarios with a login failure message

    [ https://issues.apache.org/jira/browse/APEXCORE-515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15433868#comment-15433868 ] 

Pramod Immaneni commented on APEXCORE-515:
------------------------------------------

This is happening when the principal has a group inside. During refresh we are just picking up the username instead of the entire principal.

> Refresh tokens failing in some scenarios with a login failure message
> ---------------------------------------------------------------------
>
>                 Key: APEXCORE-515
>                 URL: https://issues.apache.org/jira/browse/APEXCORE-515
>             Project: Apache Apex Core
>          Issue Type: Bug
>            Reporter: Pramod Immaneni
>            Assignee: Pramod Immaneni
>
> In some scenarios the token refresh to allow applications to run without shutting down is failing with the following exception
> java.io.IOException: Login failure for xxxxx from keytab
>         at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1146)
>         at com.datatorrent.stram.security.StramUserLogin.refreshTokens(StramUserLogin.java:96)
>         at com.datatorrent.stram.engine.StreamingContainer.heartbeatLoop(StreamingContainer.java:623)
>         at com.datatorrent.stram.engine.StreamingContainer.main(StreamingContainer.java:313)
> Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
>  
>         at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
>         at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
>         at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:497)
>         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
>         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
>         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
>         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>         at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
>         at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1135)
>         ... 3 more



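Added example, not part of the original message and not Apex or Hadoop code: a self-contained Java check showing why a keytab lookup fails when only the username is kept from a principal. It assumes the "group" in the comment is the second component of a `primary/instance@REALM` principal; the class name, principal names and realm are constructed.

```java
import java.util.Arrays;
import java.util.List;

public class KeytabPrincipalCheck {
    // Constructed sample: principals as `klist -kt` would list them for a keytab.
    static final List<String> KEYTAB = Arrays.asList(
            "apex/analytics@EXAMPLE.COM",
            "hdfs/node1.example.com@EXAMPLE.COM");

    /** Username only: everything before the first '/' or '@'. */
    static String userName(String principal) {
        return principal.split("[/@]", 2)[0];
    }

    /** Keys are stored per full principal, so the lookup is an exact match. */
    static String diagnose(String loginName, String defaultRealm) {
        // A name without a realm gets the default realm appended before lookup.
        String full = loginName.contains("@") ? loginName : loginName + "@" + defaultRealm;
        if (KEYTAB.contains(full)) {
            return "OK       keys found for " + full;
        }
        for (String entry : KEYTAB) {
            if (userName(entry).equals(userName(loginName))) {
                return "MISMATCH no keys for " + full + ", keytab holds " + entry
                        + " (login name lost part of the principal)";
            }
        }
        return "MISSING  no entry resembling " + full;
    }

    public static void main(String[] args) {
        String principal = KEYTAB.get(0);
        System.out.println(diagnose(principal, "EXAMPLE.COM"));            // whole principal
        System.out.println(diagnose(userName(principal), "EXAMPLE.COM"));  // username only
        System.out.println(diagnose("yarn", "EXAMPLE.COM"));               // not in keytab
    }
}
```

In a keytab login that cannot prompt, the MISMATCH case is the one that surfaces as `Unable to obtain password from user`, as in the trace above.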