You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@flink.apache.org by Paul Lam <pa...@gmail.com> on 2018/08/13 12:51:17 UTC
Kerberos Configuration Does Not Apply To Krb5LoginModule
Hi,
I built Flink from the latest 1.5.x source code, and got some strange outputs from the command line when submitting a Flink job to the YARN cluster.
2018-08-13 19:29:47,325 INFO org.apache.flink.yarn.AbstractYarnClusterDescriptor - YARN application has been deployed successfully.
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /home/hadoop/keytab/catmint.keytab refreshKrb5Config is true principal is flink/gdc-flinkyarngw01-catmint.i.nease.net@NIE.NETEASE.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
principal is flink/gdc-flinkyarngw01-catmint.i.nease.net@NIE.NETEASE.COM
Will use keytab
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is null
null credentials from Ticket Cache
[Krb5LoginModule] authentication failed
Unable to obtain Principal Name for authentication
Commit Succeeded
There were two authentication logging outputs, both were printed to the stdout. The former one is right, and the later is not.
It seemed that the Krb5LoginModule failed to read the configuration file and thus used the ticket cache for authentication. I’ve looked into the code, but still have no clue about where these logs came from.
Could someone help me with this? Thanks!
Best Regards,
Paul Lam
Re: Kerberos Configuration Does Not Apply To Krb5LoginModule
Posted by Fabian Hueske <fh...@gmail.com>.
Hi Paul,
Maybe Aljoscha (in CC) can help you with this question.
AFAIK, he has some experience with Flink and Kerberos.
Best, Fabian
2018-08-13 14:51 GMT+02:00 Paul Lam <pa...@gmail.com>:
> Hi,
>
> I built Flink from the latest 1.5.x source code, and got some strange
> outputs from the command line when submitting a Flink job to the
> YARN cluster.
>
> 2018-08-13 19:29:47,325 INFO org.apache.flink.yarn.
> AbstractYarnClusterDescriptor - YARN application has been
> deployed successfully.
> Debug is true storeKey true useTicketCache false useKeyTab true
> doNotPrompt true ticketCache is null isInitiator true KeyTab is
> /home/hadoop/keytab/catmint.keytab refreshKrb5Config is true principal is
> flink/gdc-flinkyarngw01-catmint.i.nease.net@NIE.NETEASE.COM tryFirstPass
> is false useFirstPass is false storePass is false clearPass is false
> Refreshing Kerberos configuration
> principal is flink/gdc-flinkyarngw01-catmint.i.nease.net@NIE.NETEASE.COM
> Will use keytab
> Debug is true storeKey false useTicketCache true useKeyTab false
> doNotPrompt true ticketCache is null isInitiator true KeyTab is null
> refreshKrb5Config is false principal is null tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false
> Acquire TGT from Cache
> Principal is null
> null credentials from Ticket Cache
> [Krb5LoginModule] authentication failed
> Unable to obtain Principal Name for authentication
> Commit Succeeded
>
> There were two authentication logging outputs, both were printed to the
> stdout. The former one is right, and the later is not.
>
> It seemed that the Krb5LoginModule failed to read the configuration file
> and thus used the ticket cache for authentication. I’ve looked into the
> code, but still have no clue about where these logs came from.
>
> Could someone help me with this? Thanks!
>
> Best Regards,
> Paul Lam
>