You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hbase.apache.org by "Bogala, Chandra Reddy" <Ch...@gs.com> on 2014/11/19 12:19:26 UTC
hbase: secure login and connection management
Hi,
I am trying to login to secure cluster with keytabs using below methods. It works fine if the token is not expired. My process runs for long time ( web app from tomcat). Keep getting below exceptions after the token expire time and connection fails if the user tries to view data from web page.
What is the better way of handling connections? How to refresh keys automatically?. Is there a spring implementation for managing connections? If yes, can you share sample code.
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("hbase.myclient.principal", "hbase.myclient.keytab");
2014-11-13 08:25:49,899 ERROR [org.apache.hadoop.security.UserGroupInformation] PriviledgedActionException as user@mycompany.com (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
2014-11-13 08:25:49,900 WARN [org.apache.hadoop.ipc.RpcClient] Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
javax.security.sasl.SaslException: GSS initiate failed
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
Thanks,
Chandra
Re: hbase: secure login and connection management
Posted by Matteo Bertozzi <th...@gmail.com>.
Take a look at the patch added to
https://issues.apache.org/jira/browse/HBASE-12366
There will be a new AuthUtil. launchAuthChore() which should help in your
case.
(The doc patch is here https://issues.apache.org/jira/browse/HBASE-12528)
Matteo
On Wed, Nov 19, 2014 at 11:19 AM, Bogala, Chandra Reddy <
Chandra.Bogala@gs.com> wrote:
> Hi,
> I am trying to login to secure cluster with keytabs using below methods.
> It works fine if the token is not expired. My process runs for long time (
> web app from tomcat). Keep getting below exceptions after the token expire
> time and connection fails if the user tries to view data from web page.
> What is the better way of handling connections? How to refresh keys
> automatically?. Is there a spring implementation for managing connections?
> If yes, can you share sample code.
>
>
> UserGroupInformation.setConfiguration(conf);
> UserGroupInformation.loginUserFromKeytab("hbase.myclient.principal",
> "hbase.myclient.keytab");
>
> 2014-11-13 08:25:49,899 ERROR
> [org.apache.hadoop.security.UserGroupInformation]
> PriviledgedActionException as user@mycompany.com (auth:KERBEROS)
> cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Failed to
> find any Kerberos tgt)]
> 2014-11-13 08:25:49,900 WARN [org.apache.hadoop.ipc.RpcClient] Exception
> encountered while connecting to the server :
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Failed to
> find any Kerberos tgt)]
> javax.security.sasl.SaslException: GSS initiate failed
> Caused by: org.ietf.jgss.GSSException: No valid credentials provided
> (Mechanism level: Failed to find any Kerberos tgt)
>
> Thanks,
> Chandra
>
>
>
>