You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Rakesh Enjala <ra...@solix.com.INVALID> on 2019/06/23 14:34:45 UTC
Solr Cloud Kerberos cookie rejected spnego
Hi Team,
Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
below error
org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
error: No valid credentials provided (Mechanism level: No valid credentials
provided (Mechanism level: Server not found in Kerberos database (7)))
org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
[hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:xxxx Illegal
domain attribute "". Domain of origin: "localhost"
enabled krb5 debug true and am able to find the actual problem is that
sname is HTTP/localhost@REALM.COM, it should be HTTP/@DOMAIN1.COM not the
localhost
solr.in.sh
SOLR_AUTH_TYPE="kerberos"
SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
-Djava.security.auth.login.config=/solr/jaas.conf
-Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
-Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@
DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab"
Please help me out!
*Regards,*
*Rakesh Enjala*
Re: Solr Cloud Kerberos cookie rejected spnego
Posted by Rakesh Enjala <ra...@solix.com.INVALID>.
Hi Team,
Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
below error
org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
error: No valid credentials provided (Mechanism level: No valid credentials
provided (Mechanism level: Server not found in Kerberos database (7)))
org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
[hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:xxxx Illegal
domain attribute "". Domain of origin: "localhost"
enabled krb5 debug true and am able to find the actual problem is that
sname is HTTP/localhost@REALM.COM, it should be HTTP/<FQDN>@DOMAIN1.COM
<http://domain1.com/> not the localhost
solr.in.sh
SOLR_AUTH_TYPE="kerberos"
SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
-Djava.security.auth.login.config=/solr/jaas.conf
-Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
-Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/<FQDN>@
DOMAIN1.COM <http://domain1.com/> -Dsolr.kerberos.keytab=/solr/HTTP.keytab"
Please help me out!
*Regards,*
*Rakesh Enjala*
On Sun, Jun 23, 2019 at 8:04 PM Rakesh Enjala <ra...@solix.com>
wrote:
> Hi Team,
>
> Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
> below error
>
> org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
> error: No valid credentials provided (Mechanism level: No valid credentials
> provided (Mechanism level: Server not found in Kerberos database (7)))
> org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
> [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:xxxx
> Illegal domain attribute "". Domain of origin: "localhost"
>
> enabled krb5 debug true and am able to find the actual problem is that
> sname is HTTP/localhost@REALM.COM, it should be HTTP/@DOMAIN1.COM not the
> localhost
>
> solr.in.sh
>
> SOLR_AUTH_TYPE="kerberos"
> SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
> -Djava.security.auth.login.config=/solr/jaas.conf
> -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
> -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@
> DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab"
>
> Please help me out!
> *Regards,*
> *Rakesh Enjala*
>
Re: Solr Cloud Kerberos cookie rejected spnego
Posted by Kevin Risden <kr...@apache.org>.
I don't think a Kerberos ticket without the hostname makes sense. You
almost always need a valid hostname and DNS for Kerberos to work
successfully.
Kevin Risden
On Sun, Jun 23, 2019 at 10:54 AM Rakesh Enjala
<ra...@solix.com.invalid> wrote:
> Hi Team,
>
> Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
> below error
>
> org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
> error: No valid credentials provided (Mechanism level: No valid credentials
> provided (Mechanism level: Server not found in Kerberos database (7)))
> org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
> [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:xxxx
> Illegal
> domain attribute "". Domain of origin: "localhost"
>
> enabled krb5 debug true and am able to find the actual problem is that
> sname is HTTP/localhost@REALM.COM, it should be HTTP/@DOMAIN1.COM not the
> localhost
>
> solr.in.sh
>
> SOLR_AUTH_TYPE="kerberos"
>
> SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
> -Djava.security.auth.login.config=/solr/jaas.conf
> -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
> -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@
> DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab"
>
> Please help me out!
> *Regards,*
> *Rakesh Enjala*
>