You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Alexandre Linte (JIRA)" <ji...@apache.org> on 2016/10/25 08:38:58 UTC
[jira] [Created] (HIVE-15052) Webhcat can't handle "_HOST" in
templeton.kerberos.principal
Alexandre Linte created HIVE-15052:
--------------------------------------
Summary: Webhcat can't handle "_HOST" in templeton.kerberos.principal
Key: HIVE-15052
URL: https://issues.apache.org/jira/browse/HIVE-15052
Project: Hive
Issue Type: Bug
Components: WebHCat
Affects Versions: 2.1.0
Environment: Hive 2.1.0, Hadoop 2.7.2
Reporter: Alexandre Linte
WebHCat fails to start when the property "templeton.kerberos.principal" doesn't contain the FQDN. The following will create an error
{noformat}
<property>
<name>templeton.kerberos.principal</name>
<value>webhcat/_HOST@SANDBOX.HADOOP</value>
<description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
</property>
{noformat}
The following will work:
{noformat}
<property>
<name>templeton.kerberos.principal</name>
<value>webhcat/webhcat.bigdata.fr@SANDBOX.HADOOP</value>
<description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
</property>
{noformat}
The error produced when _HOST is used is:
{noformat}
Oct 25 10:35:03 webhcat.bigdata.fr webhcat ERROR - org.apache.hive.hcatalog.templeton.MainServer failed to start:
java.io.IOException: Login failure for webhcat/_HOST@SANDBOX.HADOOP from keytab /opt/application/Hive/current/hcatalog/keytabs/webhcat.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962) ~[hadoop-common-2.7.2.jar:?]
at org.apache.hive.hcatalog.templeton.Main.runServer(Main.java:169) ~[hive-webhcat-2.1.0.jar:2.1.0]
at org.apache.hive.hcatalog.templeton.Main.run(Main.java:123) [hive-webhcat-2.1.0.jar:2.1.0]
at org.apache.hive.hcatalog.templeton.Main.main(Main.java:306) [hive-webhcat-2.1.0.jar:2.1.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
at org.apache.hadoop.util.RunJar.run(RunJar.java:221) [hadoop-common-2.7.2.jar:?]
at org.apache.hadoop.util.RunJar.main(RunJar.java:136) [hadoop-common-2.7.2.jar:?]
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856) ~[?:1.7.0_101]
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719) ~[?:1.7.0_101]
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) ~[?:1.7.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) ~[?:1.7.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595) ~[?:1.7.0_101]
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953) ~[hadoop-common-2.7.2.jar:?]
... 9 more
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)