Return-Path: 
 <user-return-3797-apmail-accumulo-user-archive=accumulo.apache.org@accumulo.apache.org>
X-Original-To: apmail-accumulo-user-archive@www.apache.org
Delivered-To: apmail-accumulo-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id B422310676
	for <apmail-accumulo-user-archive@www.apache.org>;
 Thu, 27 Feb 2014 20:55:17 +0000 (UTC)
Received: (qmail 97695 invoked by uid 500); 27 Feb 2014 20:55:16 -0000
Delivered-To: apmail-accumulo-user-archive@accumulo.apache.org
Received: (qmail 97619 invoked by uid 500); 27 Feb 2014 20:55:16 -0000
Mailing-List: contact user-help@accumulo.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@accumulo.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@accumulo.apache.org>
List-Post: <mailto:user@accumulo.apache.org>
List-Id: <user.accumulo.apache.org>
Reply-To: user@accumulo.apache.org
Delivered-To: mailing list user@accumulo.apache.org
Received: (qmail 97611 invoked by uid 99); 27 Feb 2014 20:55:16 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Feb 2014 20:55:16 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of hyokwon.lee@gmail.com
 designates 74.125.83.44 as permitted sender)
Received: from [74.125.83.44] (HELO mail-ee0-f44.google.com) (74.125.83.44)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Feb 2014 20:55:11 +0000
Received: by mail-ee0-f44.google.com with SMTP id d49so1742213eek.31
        for <user@accumulo.apache.org>; Thu, 27 Feb 2014 12:54:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=wn5Ixm18IKr8ptm4IhUxCPqyEFytymSL4LK9kbV3eVw=;
        b=tq9NKdBC4DHv0OzfJxj8z5USCHp9it3meYmSd/bBp8xPAx5hOdH/u8GV1az/x9Ktqu
         P4puBucuC1tu9Xnqqfnq7FVfwdCWa5cUL8zzdDFXQVgQcxwNyID4bg7Bfr2u1vJpd57n
         xuAwYxoVSm6I5T+tEvHal6X2acRDT1nao5Mh48EUKrv6pEE4nJA36vTvxL+VcvEogmNw
         WOZNw4xeuMcxZo+wPjB27aidw5QWOJrprjvJV4wHUdX0DanYP2mCIyvLHM4+QYLc0cX6
         LC1Tdn1UjyQJWpXHMXlSh5ykARA4jY16dfB8XbF7XqSn6c4M92v0joukm5G+vvktlfte
         LRUg==
MIME-Version: 1.0
X-Received: by 10.205.42.129 with SMTP id ty1mr3879732bkb.9.1393534490027;
 Thu, 27 Feb 2014 12:54:50 -0800 (PST)
Received: by 10.204.81.78 with HTTP; Thu, 27 Feb 2014 12:54:49 -0800 (PST)
In-Reply-To: 
 <FEE0EFDFBE0E6F4784CBC0D3FD2FD7F6194F3A1B@EMP-EXMR102.corp.leidos.com>
References: 
 <CAA-2HAFw47et34XjwKzSuCSzXiJfPgdxoiGn94UOR2gP-Hqdnw@mail.gmail.com>
	<CAGHyZ6K3H-cOv9LPe0vv4be6X4PBmyRaDk8V=wJLhXvPvZJYyw@mail.gmail.com>
	<CAA-2HAHA91YhLh9fhbX284PSUKNfSnd_wXdAZ1qs2+jjL3Dr_A@mail.gmail.com>
	<CADczPYSxE0g+6JNS6AjinzZzMpzLdE5RggONPB8kfVtVscYSQw@mail.gmail.com>
	<CAA-2HAGhqXnurYYf2eOVzWgAmTRLcWjS+vEoH85kvf6vKqMSUA@mail.gmail.com>
	<CAA-2HAE4+d6SjAc-bTXjQ2SdF20h2REyJ0upH4kMPwPN1ijeKQ@mail.gmail.com>
	<FEE0EFDFBE0E6F4784CBC0D3FD2FD7F6194F3A1B@EMP-EXMR102.corp.leidos.com>
Date: Thu, 27 Feb 2014 15:54:49 -0500
Message-ID: 
 <CAA-2HAFx52YQACqUhq230DHYjOw6TFw3_Tmy7Zk3xjvqiy6MqA@mail.gmail.com>
Subject: Re: Accumulo with Kerberos Error
From: Hyokwon Lee <hyokwon.lee@gmail.com>
To: user@accumulo.apache.org
Content-Type: multipart/alternative; boundary=bcaec52994c542ce0b04f369885a
X-Virus-Checked: Checked by ClamAV on apache.org

--bcaec52994c542ce0b04f369885a
Content-Type: text/plain; charset=ISO-8859-1

I am seeing a couple differences in my kerberos debug logs depending on if
it is creating the ticket with the keytab or myself manually kiniting using
the same keytab.

Kerberos Debug Log for `hadoop fs -ls /accumulo` after I manually `kinit
-kt /opt/accumulo/conf/accumulo.keytab accumulo/accumulo.test.local`:

Config name: /etc/krb5.conf
>>>KinitOptions cache name is /tmp/krb5cc_0
>>>DEBUG <CCacheInputStream>  client principal is
accumulo/accumulo.test.local@TEST.LOCAL
>>>DEBUG <CCacheInputStream> server principal is
krbtgt/TEST.LOCAL@TEST.LOCAL
>>>DEBUG <CCacheInputStream> key type: 18
>>>DEBUG <CCacheInputStream> auth time: Thu Feb 27 12:40:33 PST 2014
>>>DEBUG <CCacheInputStream> start time: Thu Feb 27 12:40:33 PST 2014
>>>DEBUG <CCacheInputStream> end time: Thu Feb 27 12:45:33 PST 2014
>>>DEBUG <CCacheInputStream> renew_till time: Thu Feb 27 13:00:33 PST 2014
CCacheInputStream: readFlags()  FORWARDABLE; RENEWABLE; INITIAL;

Accumulo Kerberos Debug Log:

Client Principal = accumulo/accumulo.test.local@TEST.LOCAL
Server Principal = hdfs/accumulo.test.local@TEST.LOCAL
Forwardable Ticket true
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Thu Feb 27 12:43:22 PST 2014
Start Time = Thu Feb 27 12:43:25 PST 2014
End Time = Thu Feb 27 12:48:22 PST 2014
Renew Till = null

Major differences to note are Server Principal, Renewable and Initial
Flags, and the Renew Till values.  Could this be the cause of my current
issue?  If so why would accumulo using the same keytab and principal get
these different values?

Thanks,

Hokie

--bcaec52994c542ce0b04f369885a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>I am seeing a couple differences in my kerberos debug=
 logs depending on if it is creating the ticket with the keytab or myself m=
anually kiniting using the same keytab.</div><div><br></div><div>Kerberos D=
ebug Log for `hadoop fs -ls /accumulo` after I manually `kinit -kt /opt/acc=
umulo/conf/accumulo.keytab accumulo/accumulo.test.local`:</div>
<div><br></div><div><div>Config name: /etc/krb5.conf</div>
<div>&gt;&gt;&gt;KinitOptions cache name is /tmp/krb5cc_0</div><div>&gt;&gt=
;&gt;DEBUG &lt;CCacheInputStream&gt; =A0client principal is accumulo/accumu=
lo.test.local@TEST.LOCAL</div><div>&gt;&gt;&gt;DEBUG &lt;CCacheInputStream&=
gt; server principal is krbtgt/TEST.LOCAL@TEST.LOCAL</div>

<div>&gt;&gt;&gt;DEBUG &lt;CCacheInputStream&gt; key type: 18</div><div>&gt=
;&gt;&gt;DEBUG &lt;CCacheInputStream&gt; auth time: Thu Feb 27 12:40:33 PST=
 2014</div><div>&gt;&gt;&gt;DEBUG &lt;CCacheInputStream&gt; start time: Thu=
 Feb 27 12:40:33 PST 2014</div>

<div>&gt;&gt;&gt;DEBUG &lt;CCacheInputStream&gt; end time: Thu Feb 27 12:45=
:33 PST 2014</div><div>&gt;&gt;&gt;DEBUG &lt;CCacheInputStream&gt; renew_ti=
ll time: Thu Feb 27 13:00:33 PST 2014</div></div><div>CCacheInputStream: re=
adFlags() =A0FORWARDABLE; RENEWABLE; INITIAL;<br>

</div><div><br></div><div>Accumulo Kerberos Debug Log:</div><div><br></div>=
<div><div>Client Principal =3D accumulo/accumulo.test.local@TEST.LOCAL</div=
><div>Server Principal =3D hdfs/accumulo.test.local@TEST.LOCAL</div></div>
<div>
<div>Forwardable Ticket true</div><div>Forwarded Ticket false</div><div>Pro=
xiable Ticket false</div><div>Proxy Ticket false</div><div>Postdated Ticket=
 false</div><div>Renewable Ticket false</div><div>Initial Ticket false</div=
>

<div>Auth Time =3D Thu Feb 27 12:43:22 PST 2014</div><div>Start Time =3D Th=
u Feb 27 12:43:25 PST 2014</div><div>End Time =3D Thu Feb 27 12:48:22 PST 2=
014</div><div>Renew Till =3D null</div></div><div><br></div><div>Major diff=
erences to note are Server Principal, Renewable and Initial Flags, and the =
Renew Till values. =A0Could this be the cause of my current issue? =A0If so=
 why would accumulo using the same keytab and principal get these different=
 values? =A0</div>
<div><br></div><div>Thanks,</div><div><br></div><div>Hokie</div></div>

--bcaec52994c542ce0b04f369885a--