You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apex.apache.org by "Pramod Immaneni (JIRA)" <ji...@apache.org> on 2016/08/23 23:39:20 UTC
[jira] [Commented] (APEXCORE-515) Refresh tokens failing in some
scenarios with a login failure message
[ https://issues.apache.org/jira/browse/APEXCORE-515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15433868#comment-15433868 ]
Pramod Immaneni commented on APEXCORE-515:
------------------------------------------
This is happening when the principal has a group inside. During refresh we are just picking up the username instead of the entire principal.
> Refresh tokens failing in some scenarios with a login failure message
> ---------------------------------------------------------------------
>
> Key: APEXCORE-515
> URL: https://issues.apache.org/jira/browse/APEXCORE-515
> Project: Apache Apex Core
> Issue Type: Bug
> Reporter: Pramod Immaneni
> Assignee: Pramod Immaneni
>
> In some scenarios the token refresh to allow applications to run without shutting down is failing with the following exception
> java.io.IOException: Login failure for xxxxx from keytab
> at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1146)
> at com.datatorrent.stram.security.StramUserLogin.refreshTokens(StramUserLogin.java:96)
> at com.datatorrent.stram.engine.StreamingContainer.heartbeatLoop(StreamingContainer.java:623)
> at com.datatorrent.stram.engine.StreamingContainer.main(StreamingContainer.java:313)
> Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
>
> at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
> at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
> at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
> at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1135)
> ... 3 more
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)