drill-issues mailing list archives

From "Parag Darji (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5433) Authentication failed: Server requires authentication using [kerberos, plain]
Date Mon, 17 Apr 2017 19:05:41 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971500#comment-15971500 ]

Parag Darji commented on DRILL-5433:
------------------------------------

Before, I was using a single principal per cluster (drill/labhdp@LAB.COM); now I have created a principal
per node (drill/host1.fqdn@LAB.COM).
Updated the drill-override.conf:
{code}
auth.principal:"drill/_host@LAB.COM",
{code}

Now I'm seeing a different error (for both users "test" and "drill").

{code}
test@:/home/test> test@altbthdlhdpsb01:/home/test> klist
Ticket cache: FILE:/tmp/krb5cc_5007
Default principal: test/labhdp@LAB.COM

Valid starting     Expires            Service principal
04/13/17 15:00:25  04/14/17 15:00:25  krbtgt/LAB.COM@LAB.COM
        renew until 04/13/17 15:00:25

test@:/home/test> sqlline -u "jdbc:drill:zk=host1.fqdn;auth=kerberos"
Bad level value for property: java.util.logging.ConsoleHandler.level
Java config name: null
Native config name: /etc/krb5.conf
Loaded from native config
>> Look up native default credential cache
>>>KinitOptions cache name is /tmp/krb5cc_5007
>>>DEBUG <CCacheInputStream>  client principal is test/labhdp@LAB.COM
>>>DEBUG <CCacheInputStream> server principal is krbtgt/LAB.COM@LAB.COM
>>>DEBUG <CCacheInputStream> key type: 18
>>>DEBUG <CCacheInputStream> auth time: Mon Apr 17 14:38:45 EDT 2017
>>>DEBUG <CCacheInputStream> start time: Mon Apr 17 14:38:45 EDT 2017
>>>DEBUG <CCacheInputStream> end time: Tue Apr 18 14:38:45 EDT 2017
>>>DEBUG <CCacheInputStream> renew_till time: Mon Apr 17 14:38:45 EDT 2017
>>> CCacheInputStream: readFlags()  FORWARDABLE; RENEWABLE; INITIAL;
>>>DEBUG <CCacheInputStream>  client principal is test/labhdp@LAB.COM
>>>DEBUG <CCacheInputStream> server principal is X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/LAB.COM@LAB.COM
>>>DEBUG <CCacheInputStream> key type: 0
>>>DEBUG <CCacheInputStream> auth time: Wed Dec 31 19:00:00 EST 1969
>>>DEBUG <CCacheInputStream> start time: null
>>>DEBUG <CCacheInputStream> end time: Wed Dec 31 19:00:00 EST 1969
>>>DEBUG <CCacheInputStream> renew_till time: null
>>> CCacheInputStream: readFlags()
Can't set level for java.util.logging.ConsoleHandler
Search Subject for Kerberos V5 INIT cred (<<DEF>>, sun.security.jgss.krb5.Krb5InitCredential)
Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 18 17 16 23 1 3.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KdcAccessibility: reset
>>> KrbKdcReq send: kdc=host1.fqdn UDP:88, timeout=3, number of retries =3, #bytes=679
>>> KDCCommunication: kdc=host1.fqdn UDP:88, timeout=3,Attempt =1, #bytes=679
>>> KrbKdcReq send: #bytes read=675
>>> KdcAccessibility: remove host1.fqdn
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
Krb5Context setting mySeqNumber to: 893845010
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:

Krb5Context.unwrap: token=[05 04 01 ff 00 0c 00 00 00 00 00 00 35 46 fe 12 01 01 00 00 d8 39 c1 a5 5f 51 ba 80 10 f5 84 42 ]
Krb5Context.unwrap: data=[01 01 00 00 ]
Krb5Context.wrap: data=[01 01 00 00 ]
Krb5Context.wrap: token=[05 04 00 ff 00 0c 00 00 00 00 00 00 35 46 fe 12 01 01 00 00 ca 6c fe 14 ce 78 2e 9d 11 4e 1e e4 ]
apache drill 1.10.0
"json ain't no thang"
0: jdbc:drill:zk=host1.fqdn> show databases;
Error: SYSTEM ERROR: RuntimeException: JDK Java compiler not available - probably you're running Drill with a JRE and not a JDK

Fragment 0:0

[Error Id: 589b43f2-62af-4d4c-b35b-f00078fa385c on host1.fqdn:31010] (state=,code=0)
0: jdbc:drill:zk=host1.fqdn>


test@:/home/test> sqlline -u "jdbc:drill:drillbit=host1.fqdn;auth=kerberos"
Bad level value for property: java.util.logging.ConsoleHandler.level
Java config name: null
Native config name: /etc/krb5.conf
Loaded from native config
>> Look up native default credential cache
>>>KinitOptions cache name is /tmp/krb5cc_5007
>>>DEBUG <CCacheInputStream>  client principal is test/labhdp@LAB.COM
>>>DEBUG <CCacheInputStream> server principal is krbtgt/LAB.COM@LAB.COM
>>>DEBUG <CCacheInputStream> key type: 18
>>>DEBUG <CCacheInputStream> auth time: Mon Apr 17 14:38:45 EDT 2017
>>>DEBUG <CCacheInputStream> start time: Mon Apr 17 14:38:45 EDT 2017
>>>DEBUG <CCacheInputStream> end time: Tue Apr 18 14:38:45 EDT 2017
>>>DEBUG <CCacheInputStream> renew_till time: Mon Apr 17 14:38:45 EDT 2017
>>> CCacheInputStream: readFlags()  FORWARDABLE; RENEWABLE; INITIAL;
>>>DEBUG <CCacheInputStream>  client principal is test/labhdp@LAB.COM
>>>DEBUG <CCacheInputStream> server principal is X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/LAB.COM@LAB.COM
>>>DEBUG <CCacheInputStream> key type: 0
>>>DEBUG <CCacheInputStream> auth time: Wed Dec 31 19:00:00 EST 1969
>>>DEBUG <CCacheInputStream> start time: null
>>>DEBUG <CCacheInputStream> end time: Wed Dec 31 19:00:00 EST 1969
>>>DEBUG <CCacheInputStream> renew_till time: null
>>> CCacheInputStream: readFlags()
Can't set level for java.util.logging.ConsoleHandler
Search Subject for Kerberos V5 INIT cred (<<DEF>>, sun.security.jgss.krb5.Krb5InitCredential)
Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 18 17 16 23 1 3.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KdcAccessibility: reset
>>> KrbKdcReq send: kdc=host1.fqdn UDP:88, timeout=3, number of retries =3, #bytes=679
>>> KDCCommunication: kdc=host1.fqdn UDP:88, timeout=3,Attempt =1, #bytes=679
>>> KrbKdcReq send: #bytes read=675
>>> KdcAccessibility: remove host1.fqdn
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
Krb5Context setting mySeqNumber to: 830958184
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:

Krb5Context.unwrap: token=[05 04 01 ff 00 0c 00 00 00 00 00 00 31 87 6a 68 01 01 00 00 0d d9 05 24 2b 40 05 ad a8 88 69 c9 ]
Krb5Context.unwrap: data=[01 01 00 00 ]
Krb5Context.wrap: data=[01 01 00 00 ]
Krb5Context.wrap: token=[05 04 00 ff 00 0c 00 00 00 00 00 00 31 87 6a 68 01 01 00 00 0a 0e ed fb 75 64 47 7d 69 ea 3e 31 ]
apache drill 1.10.0
"json ain't no thang"
0: jdbc:drill:drillbit=host1.fqdn>
0: jdbc:drill:drillbit=host1.fqdn> show databases;
Error: SYSTEM ERROR: RuntimeException: JDK Java compiler not available - probably you're running Drill with a JRE and not a JDK

Fragment 0:0

[Error Id: 0c94b644-5409-4bd4-b76d-c43c5226a3e2 on host1.fqdn:31010] (state=,code=0)
{code}


> Authentication failed: Server requires authentication using [kerberos, plain]
> -----------------------------------------------------------------------------
>
>                 Key: DRILL-5433
>                 URL: https://issues.apache.org/jira/browse/DRILL-5433
>             Project: Apache Drill
>          Issue Type: Task
>          Components: Functions - Drill
>    Affects Versions: 1.10.0
>         Environment: OS: Redhat Linux 6.7, HDP 2.5.3, Kerberos enabled, Hardware: VmWare
>            Reporter: Parag Darji
>            Priority: Minor
>              Labels: newbie, security
>             Fix For: 1.10.0
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> I've set up Apache Drill 1.10.0 on RHEL 6.7, HDP 2.5.3, Kerberos enabled.
> I'm getting the below error while running "drill-conf" or sqlline as user "drill", which is configured in the "drill-override.conf" file.
> {code}
> drill@host:/opt/drill/bin>  drill-conf
> Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?] (state=,code=0)
> java.sql.SQLException: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?]
>         at org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:166)
>         at org.apache.drill.jdbc.impl.DrillJdbc41Factory.newDrillConnection(DrillJdbc41Factory.java:72)
>         at org.apache.drill.jdbc.impl.DrillFactory.newConnection(DrillFactory.java:69)
>         at org.apache.calcite.avatica.UnregisteredDriver.connect(UnregisteredDriver.java:143)
>         at org.apache.drill.jdbc.Driver.connect(Driver.java:72)
>         at sqlline.DatabaseConnection.connect(DatabaseConnection.java:167)
>         at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:213)
>         at sqlline.Commands.connect(Commands.java:1083)
>         at sqlline.Commands.connect(Commands.java:1015)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36)
>         at sqlline.SqlLine.dispatch(SqlLine.java:742)
>         at sqlline.SqlLine.initArgs(SqlLine.java:528)
>         at sqlline.SqlLine.begin(SqlLine.java:596)
>         at sqlline.SqlLine.start(SqlLine.java:375)
>         at sqlline.SqlLine.main(SqlLine.java:268)
> Caused by: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?]
>         at org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:157)
>         at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:432)
>         at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:379)
>         at org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:157)
>         ... 18 more
> Caused by: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?]
>         at org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:204)
>         at org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:197)
>         at com.google.common.util.concurrent.AbstractCheckedFuture.checkedGet(AbstractCheckedFuture.java:85)
>         at org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:155)
>         ... 21 more
> Caused by: javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?
>         at org.apache.drill.exec.rpc.user.UserClient.getAuthenticatorFactory(UserClient.java:285)
>         at org.apache.drill.exec.rpc.user.UserClient.authenticate(UserClient.java:216)
>         ... 22 more
> apache drill 1.10.0
> "this isn't your grandfather's sql"
> {code}
> Same error when running below command:
> {code}
> sqlline --maxWidth=10000 -u "jdbc:drill:drillbit=host1.fqdn;auth=kerberos;principal=drill/ladhdp@LAB.COM"
> {code}
> "Drill" user has a valid keytab/ticket.
> The Drill UI is working fine with local authentication.
> drill-override.conf file:
> {code}
> drill.exec: {
>   cluster-id: "drillbits1",
>   zk.connect: "host1.fqdn:2181,host2.fqdn:2181,host3.fqdn:2181",
>   security: {
>           user.auth.enabled: true,
>           user.auth.impl: "pam",
>           user.auth.pam_profiles: [ "sudo", "login" ],
>           packages += "org.apache.drill.exec.rpc.user.security",
>           auth.mechanisms: ["KERBEROS","PLAIN"],
>           auth.principal: "drill/labhdp@LAB.COM",
>           auth.keytab: "/opt/drill/.keytab/drill.keytab"
>         }
> }
> {code}
> {code}
> cat drill-env.sh | egrep -v '^#|^$'
> export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pam/JPam-1.1/"
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
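Added example, not part of the original message or of Apache Drill: a Python helper that reads the JDK Kerberos debug lines and Drill errors quoted in this thread and reports the first stage at which a sqlline session stopped. The two sample logs are constructed by abridging lines from the thread; the function name `triage` and the stage labels are hypothetical.

```python
import re

# Markers below are the JDK Kerberos debug lines and Drill errors quoted in this thread.
TGT_RE = re.compile(r"Found ticket for (\S+) to go to (krbtgt/\S+) expiring on")
SASL_RE = re.compile(r"Server requires authentication using \[([^\]]*)\]")
QUERY_ERR_RE = re.compile(r"^Error: (SYSTEM ERROR: [^\n]+)", re.M)


def triage(log):
    """Return the first stage at which a sqlline/JDBC session stopped (labels are hypothetical)."""
    tgt = TGT_RE.search(log)
    ap_req = ">>> KrbApReq:" in log  # an AP-REQ is only built once a service ticket exists
    # SASL GSSAPI exchanges its security-layer message through unwrap/wrap
    # only after the GSS context is established (RFC 4752).
    ctx = "Krb5Context.unwrap:" in log and "Krb5Context.wrap:" in log
    sasl = SASL_RE.search(log)
    qerr = QUERY_ERR_RE.search(log)
    result = {"client": tgt.group(1) if tgt else None, "detail": None}
    if sasl and not ap_req:
        # Server listed its mechanisms and the client never started a Kerberos exchange.
        result["stage"] = "sasl-negotiation"
        result["detail"] = [m.strip() for m in sasl.group(1).split(",")]
    elif not tgt:
        result["stage"] = "no-tgt"
    elif not ap_req:
        result["stage"] = "service-ticket"
    elif not ctx:
        result["stage"] = "gss-context"
    elif qerr:
        result["stage"] = "post-auth"
        result["detail"] = qerr.group(1)
    else:
        result["stage"] = "authenticated"
    return result


# Constructed sample: abridged from the session in the comment (per-node principal).
AFTER_CHANGE = """\
Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017
Service ticket not found in the subject
>>> KrbKdcReq send: #bytes read=675
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
Krb5Context.unwrap: data=[01 01 00 00 ]
Krb5Context.wrap: data=[01 01 00 00 ]
0: jdbc:drill:zk=host1.fqdn> show databases;
Error: SYSTEM ERROR: RuntimeException: JDK Java compiler not available - probably you're running Drill with a JRE and not a JDK
"""

# Constructed sample: abridged from the error in the original issue description.
ORIGINAL_REPORT = """\
Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials?
"""

if __name__ == "__main__":
    for name, log in (("original report", ORIGINAL_REPORT), ("after change", AFTER_CHANGE)):
        print(name, "->", triage(log))
```

Run against the two samples, the original report stops at SASL mechanism negotiation before any Kerberos exchange, while the session in the comment completes the GSS context and fails only when the query runs.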
