You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/06/14 00:49:57 UTC

[jira] [Commented] (FALCON-2025) Periodic revalidation of kerberos credentials should be done on loginUser

    [ https://issues.apache.org/jira/browse/FALCON-2025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15328721#comment-15328721 ] 

ASF GitHub Bot commented on FALCON-2025:
----------------------------------------

GitHub user bvellanki opened a pull request:

    https://github.com/apache/falcon/pull/183

    FALCON-2025 Periodic revalidation of kerberos credentials should be done on loginUser

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/bvellanki/falcon FALCON-2025

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/falcon/pull/183.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #183
    
----
commit 6763755f3dd1c75256498aab4400d7dbc09974c4
Author: bvellanki <bv...@hortonworks.com>
Date:   2016-06-14T00:47:26Z

    FALCON-2025 Periodic revalidation of kerberos credentials should be done on loginUser

----


> Periodic revalidation of kerberos credentials should be done on loginUser
> -------------------------------------------------------------------------
>
>                 Key: FALCON-2025
>                 URL: https://issues.apache.org/jira/browse/FALCON-2025
>             Project: Falcon
>          Issue Type: Bug
>            Reporter: Balu Vellanki
>            Assignee: Balu Vellanki
>             Fix For: trunk, 0.10
>
>
> For some users, Falcon server fails to perform any operations on workflow engine after the kerberos credentials expire. Falcon server periodically revalidates the credentials from keytab saying ugi.checkTGTAndReloginFromKeytab(), but this operation will not work when ugi belongs to proxy user. The relogin should be done on UserGroupInformation.getLoginUser() for the falcon credentials to be renewed. 
> The error looks as follows.
> {code}
> falcon instance -list -type process -name procName 
> log4j:WARN No appenders could be found for logger (org.apache.hadoop.security.authentication.client.KerberosAuthenticator). 
> log4j:WARN Please initialize the log4j system properly. 
> log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. 
> ERROR: Bad Request;default/org.apache.falcon.FalconWebException::org.apache.falcon.FalconException: java.io.IOException: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "machine.test.group/<IP Addr>"; destination host is: "machine.test.group":8020; 
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)