Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 19B96200C59 for ; Mon, 17 Apr 2017 21:05:54 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 18522160BAB; Mon, 17 Apr 2017 19:05:54 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id DC448160B92 for ; Mon, 17 Apr 2017 21:05:52 +0200 (CEST) Received: (qmail 27513 invoked by uid 500); 17 Apr 2017 19:05:52 -0000 Mailing-List: contact issues-help@drill.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@drill.apache.org Delivered-To: mailing list issues@drill.apache.org Received: (qmail 27504 invoked by uid 99); 17 Apr 2017 19:05:52 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Apr 2017 19:05:52 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id B4C741A04E8 for ; Mon, 17 Apr 2017 19:05:51 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 5ZjvXbe9-eiB for ; Mon, 17 Apr 2017 19:05:48 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 976BC5F3FE for ; Mon, 17 Apr 2017 19:05:42 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id E0372E0458 for ; Mon, 17 Apr 2017 19:05:41 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 91A0921B45 for ; Mon, 17 Apr 2017 19:05:41 +0000 (UTC) Date: Mon, 17 Apr 2017 19:05:41 +0000 (UTC) From: "Parag Darji (JIRA)" To: issues@drill.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (DRILL-5433) Authentication failed: Server requires authentication using [kerberos, plain] MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 17 Apr 2017 19:05:54 -0000 [ https://issues.apache.org/jira/browse/DRILL-5433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971500#comment-15971500 ] Parag Darji commented on DRILL-5433: ------------------------------------ Before I was using single principal per cluster(drill/labhdp@LAB.COM), now I created principal per node (drill/host1.fqdn@LAB.COM). Updated the drill-override.conf: {code} auth.principal:"drill/_host@LAB.COM", {code} Now I'm seeing different error (for both users "test" and "drill"). {code} test@:/home/test> test@altbthdlhdpsb01:/home/test> klist Ticket cache: FILE:/tmp/krb5cc_5007 Default principal: test/labhdp@LAB.COM Valid starting Expires Service principal 04/13/17 15:00:25 04/14/17 15:00:25 krbtgt/LAB.COM@LAB.COM renew until 04/13/17 15:00:25 test@:/home/test> sqlline -u "jdbc:drill:zk=host1.fqdn;auth=kerberos" Bad level value for property: java.util.logging.ConsoleHandler.level Java config name: null Native config name: /etc/krb5.conf Loaded from native config >> Look up native default credential cache >>>KinitOptions cache name is /tmp/krb5cc_5007 >>>DEBUG client principal is test/labhdp@LAB.COM >>>DEBUG server principal is krbtgt/LAB.COM@LAB.COM >>>DEBUG key type: 18 >>>DEBUG auth time: Mon Apr 17 14:38:45 EDT 2017 >>>DEBUG start time: Mon Apr 17 14:38:45 EDT 2017 >>>DEBUG end time: Tue Apr 18 14:38:45 EDT 2017 >>>DEBUG renew_till time: Mon Apr 17 14:38:45 EDT 2017 >>> CCacheInputStream: readFlags() FORWARDABLE; RENEWABLE; INITIAL; >>>DEBUG client principal is test/labhdp@LAB.COM >>>DEBUG server principal is X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/LAB.COM@LAB.COM >>>DEBUG key type: 0 >>>DEBUG auth time: Wed Dec 31 19:00:00 EST 1969 >>>DEBUG start time: null >>>DEBUG end time: Wed Dec 31 19:00:00 EST 1969 >>>DEBUG renew_till time: null >>> CCacheInputStream: readFlags() Can't set level for java.util.logging.ConsoleHandler Search Subject for Kerberos V5 INIT cred (<>, sun.security.jgss.krb5.Krb5InitCredential) Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017 Entered Krb5Context.initSecContext with state=STATE_NEW Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017 Service ticket not found in the subject >>> Credentials acquireServiceCreds: same realm Using builtin default etypes for default_tgs_enctypes default etypes for default_tgs_enctypes: 18 17 16 23 1 3. >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType >>> KdcAccessibility: reset >>> KrbKdcReq send: kdc=host1.fqdn UDP:88, timeout=3, number of retries =3, #bytes=679 >>> KDCCommunication: kdc=host1.fqdn UDP:88, timeout=3,Attempt =1, #bytes=679 >>> KrbKdcReq send: #bytes read=675 >>> KdcAccessibility: remove host1.fqdn >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000 >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType Krb5Context setting mySeqNumber to: 893845010 Krb5Context setting peerSeqNumber to: 0 Created InitSecContextToken: 0000: 01 00 6E 82 02 52 30 82 02 4E A0 03 02 01 05 A1 ..n..R0..N...... 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................ 0020: 63 61 82 01 5F 30 82 01 5B A0 03 02 01 05 A1 09 ca.._0..[....... 0030: 1B 07 4C 41 42 2E 43 4F 4D A2 2E 30 2C A0 03 02 ..LAB.COM..0,... 0040: 01 00 A1 25 30 23 1B 05 64 72 69 6C 6C 1B 1A 61 ...%0#..drill..a 0050: 6C 74 62 74 68 64 6C 68 64 70 73 62 30 31 2E 63 ltbthdlhdpsb01.c 0060: 73 63 64 65 76 2E 63 6F 6D A3 82 01 17 30 82 01 scdev.com....0.. 0070: 13 A0 03 02 01 12 A1 03 02 01 02 A2 82 01 05 04 ................ 0080: 82 01 01 FA F8 F6 F2 4E F4 FF 07 2C E7 5D B2 85 .......N...,.].. 0090: 0F E1 03 E4 AE 65 E0 81 6F 23 EB 70 DC D2 24 7A .....e..o#.p..$z 00A0: 0A 54 5C E8 44 E7 67 80 D8 E6 8C DC AC 09 7F F3 .T\.D.g......... 00B0: CB CE 0D 1A CC 82 05 D4 9E DE 2E E6 53 7B B8 E5 ............S... 00C0: AF F4 5F B7 59 54 F2 70 9A EC 0C E1 EB 65 79 5A .._.YT.p.....eyZ 00D0: 68 F7 97 B6 2F F8 DF 0A 0A 79 E9 0A 1B 23 4B 93 h.../....y...#K. 00E0: 6C 53 F4 85 A3 45 5C B9 19 4C 2B DB 29 3D 13 41 lS...E\..L+.)=.A 00F0: D3 50 1F 08 60 FC A2 23 89 91 A4 3B 5C 01 F5 A5 .P..`..#...;\... 0100: E0 12 55 00 D1 A0 77 AB 34 4A 97 42 68 C5 89 9A ..U...w.4J.Bh... 0110: 38 29 75 5A FE 77 D8 E3 9F 07 DB 82 9B 73 97 BA 8)uZ.w.......s.. 0120: 05 84 7B 74 71 BC A4 BD B0 12 74 99 B3 88 E5 02 ...tq.....t..... 0130: 3A 49 BF 93 12 06 C6 10 83 B0 4E B3 CF D5 DE 2F :I........N..../ 0140: 82 19 54 4B 64 21 AA 24 DE E5 59 7B E5 5F 00 37 ..TKd!.$..Y.._.7 0150: AA 61 16 5E 04 30 0C 53 40 DD 3F D6 A1 D6 80 E7 .a.^.0.S@.?..... 0160: F9 F4 37 2F 2F 1A B3 51 2D 83 0E 3D 3E AF CB 49 ..7//..Q-..=>..I 0170: 9A 4D 01 90 64 FB 50 DC 8A AB 02 86 20 56 0E DC .M..d.P..... V.. 0180: 57 AF 1B 0A A4 81 D1 30 81 CE A0 03 02 01 12 A2 W......0........ 0190: 81 C6 04 81 C3 59 13 A8 C2 39 81 78 11 7D 15 27 .....Y...9.x...' 01A0: 1D CC 9B D4 E8 1C 8A 0A 9A EA 74 27 F7 43 76 9F ..........t'.Cv. 01B0: 21 4F 96 EF 32 85 2C F6 4A 7E 72 D8 6F 5C 8E 66 !O..2.,.J.r.o\.f 01C0: B7 61 E7 68 DB DD 83 08 6B C3 65 C0 C7 21 25 E6 .a.h....k.e..!%. 01D0: F7 41 D8 52 15 54 14 DD A5 75 3F 55 60 3E 20 76 .A.R.T...u?U`> v 01E0: A0 74 55 C2 8D 49 92 2F 73 1F 3B 76 CF 4C 7C 57 .tU..I./s.;v.L.W 01F0: 2D A1 22 9D 41 19 DA 49 E6 60 4A D7 36 AA 8D 21 -.".A..I.`J.6..! 0200: 4A B9 B3 BF 73 36 64 58 A2 A0 A0 74 C8 F2 2F 18 J...s6dX...t../. 0210: F9 90 AB 61 D2 1A E1 B7 A7 31 1C ED 06 61 8F CE ...a.....1...a.. 0220: 5A E9 F7 34 5A 47 D5 7D DC 81 70 59 64 DA 01 27 Z..4ZG....pYd..' 0230: 4F 32 F6 7E 0C CD DE E3 F2 55 2D 9A A6 06 D0 AC O2.......U-..... 0240: 3D F6 AC 15 3F F1 65 F7 30 17 6C 57 B1 69 1B B7 =...?.e.0.lW.i.. 0250: 97 77 46 32 91 CE 53 5B .wF2..S[ Krb5Context.unwrap: token=[05 04 01 ff 00 0c 00 00 00 00 00 00 35 46 fe 12 01 01 00 00 d8 39 c1 a5 5f 51 ba 80 10 f5 84 42 ] Krb5Context.unwrap: data=[01 01 00 00 ] Krb5Context.wrap: data=[01 01 00 00 ] Krb5Context.wrap: token=[05 04 00 ff 00 0c 00 00 00 00 00 00 35 46 fe 12 01 01 00 00 ca 6c fe 14 ce 78 2e 9d 11 4e 1e e4 ] apache drill 1.10.0 "json ain't no thang" 0: jdbc:drill:zk=host1.fqdn> show databases; Error: SYSTEM ERROR: RuntimeException: JDK Java compiler not available - probably you're running Drill with a JRE and not a JDK Fragment 0:0 [Error Id: 589b43f2-62af-4d4c-b35b-f00078fa385c on host1.fqdn:31010] (state=,code=0) 0: jdbc:drill:zk=host1.fqdn> test@:/home/test> sqlline -u "jdbc:drill:drillbit=host1.fqdn;auth=kerberos" Bad level value for property: java.util.logging.ConsoleHandler.level Java config name: null Native config name: /etc/krb5.conf Loaded from native config >> Look up native default credential cache >>>KinitOptions cache name is /tmp/krb5cc_5007 >>>DEBUG client principal is test/labhdp@LAB.COM >>>DEBUG server principal is krbtgt/LAB.COM@LAB.COM >>>DEBUG key type: 18 >>>DEBUG auth time: Mon Apr 17 14:38:45 EDT 2017 >>>DEBUG start time: Mon Apr 17 14:38:45 EDT 2017 >>>DEBUG end time: Tue Apr 18 14:38:45 EDT 2017 >>>DEBUG renew_till time: Mon Apr 17 14:38:45 EDT 2017 >>> CCacheInputStream: readFlags() FORWARDABLE; RENEWABLE; INITIAL; >>>DEBUG client principal is test/labhdp@LAB.COM >>>DEBUG server principal is X-CACHECONF:/krb5_ccache_conf_data/fast_avail/krbtgt/LAB.COM@LAB.COM >>>DEBUG key type: 0 >>>DEBUG auth time: Wed Dec 31 19:00:00 EST 1969 >>>DEBUG start time: null >>>DEBUG end time: Wed Dec 31 19:00:00 EST 1969 >>>DEBUG renew_till time: null >>> CCacheInputStream: readFlags() Can't set level for java.util.logging.ConsoleHandler Search Subject for Kerberos V5 INIT cred (<>, sun.security.jgss.krb5.Krb5InitCredential) Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017 Entered Krb5Context.initSecContext with state=STATE_NEW Found ticket for test/labhdp@LAB.COM to go to krbtgt/LAB.COM@LAB.COM expiring on Tue Apr 18 14:38:45 EDT 2017 Service ticket not found in the subject >>> Credentials acquireServiceCreds: same realm Using builtin default etypes for default_tgs_enctypes default etypes for default_tgs_enctypes: 18 17 16 23 1 3. >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType >>> KdcAccessibility: reset >>> KrbKdcReq send: kdc=host1.fqdn UDP:88, timeout=3, number of retries =3, #bytes=679 >>> KDCCommunication: kdc=host1.fqdn UDP:88, timeout=3,Attempt =1, #bytes=679 >>> KrbKdcReq send: #bytes read=675 >>> KdcAccessibility: remove host1.fqdn >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000 >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType Krb5Context setting mySeqNumber to: 830958184 Krb5Context setting peerSeqNumber to: 0 Created InitSecContextToken: 0000: 01 00 6E 82 02 52 30 82 02 4E A0 03 02 01 05 A1 ..n..R0..N...... 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................ 0020: 63 61 82 01 5F 30 82 01 5B A0 03 02 01 05 A1 09 ca.._0..[....... 0030: 1B 07 4C 41 42 2E 43 4F 4D A2 2E 30 2C A0 03 02 ..LAB.COM..0,... 0040: 01 00 A1 25 30 23 1B 05 64 72 69 6C 6C 1B 1A 61 ...%0#..drill..a 0050: 6C 74 62 74 68 64 6C 68 64 70 73 62 30 31 2E 63 ltbthdlhdpsb01.c 0060: 73 63 64 65 76 2E 63 6F 6D A3 82 01 17 30 82 01 scdev.com....0.. 0070: 13 A0 03 02 01 12 A1 03 02 01 02 A2 82 01 05 04 ................ 0080: 82 01 01 D6 23 51 EC 78 53 1F 5D 7D 03 C3 28 B7 ....#Q.xS.]...(. 0090: A7 A5 19 4A 79 27 ED 49 8F D7 AE CA 18 E0 8D 73 ...Jy'.I.......s 00A0: 42 9B F2 47 FB 2A AA 71 83 E3 F2 B1 1B 53 6F 9B B..G.*.q.....So. 00B0: E6 FF 66 C2 A6 A3 E9 BD 04 40 51 E6 0C 18 E3 7C ..f......@Q..... 00C0: 12 D0 AD E0 5F FC 8A 98 75 32 8D B7 E4 DF 08 C1 ...._...u2...... 00D0: 74 0B 97 82 80 A0 AF 2D 9E DC 30 BF 18 E5 9F 1A t......-..0..... 00E0: 2E 22 DE CF E8 2E DB FF 61 26 D0 AB 90 B7 F4 55 ."......a&.....U 00F0: BB 0F 84 0B 2A CF 70 3D 0E 69 50 12 B6 D5 26 11 ....*.p=.iP...&. 0100: F6 BF C7 85 C2 99 C0 81 85 20 86 47 5C D1 53 96 ......... .G\.S. 0110: A3 31 01 11 38 3E 1D 12 25 DC 3B 9C CF C4 71 09 .1..8>..%.;...q. 0120: 8A 74 1F A1 E4 B6 18 EB 3B 70 B9 17 BA 8B 00 DB .t......;p...... 0130: 25 81 93 5D 18 97 3E 9B 07 93 F4 B5 25 23 88 23 %..]..>.....%#.# 0140: 8C 08 76 A4 AB F5 B5 0C 4F B0 77 39 D4 C3 0A 0E ..v.....O.w9.... 0150: EF 20 A1 BE 18 34 E3 A9 5F 14 81 F1 B0 F8 FC 55 . ...4.._......U 0160: 02 31 72 95 AC 6B C1 CC CF 56 CA 2C C5 85 45 D0 .1r..k...V.,..E. 0170: E6 BB C5 12 21 93 64 FB 50 C9 C9 CF ED D1 19 A9 ....!.d.P....... 0180: D5 D6 D5 BF A4 81 D1 30 81 CE A0 03 02 01 12 A2 .......0........ 0190: 81 C6 04 81 C3 6B D7 09 0F 6A 9A 37 38 A6 75 94 .....k...j.78.u. 01A0: 00 85 6B 43 84 E8 88 37 1C AB 8F 22 AA 0E 52 85 ..kC...7..."..R. 01B0: F5 A2 4D F4 09 F4 68 42 52 90 41 6F 1B 72 61 92 ..M...hBR.Ao.ra. 01C0: D5 94 56 C3 F9 A7 7C C1 14 48 55 72 6A 71 57 7F ..V......HUrjqW. 01D0: EC B3 E1 B0 AC 7F 0A BA B7 E3 81 16 A9 A5 79 90 ..............y. 01E0: A4 B1 0A 1E 9C 6B 81 9A 97 F1 75 BB E6 81 2F 1A .....k....u.../. 01F0: E0 6E FC 16 62 F3 E0 DC D6 28 31 20 D7 BE F8 D7 .n..b....(1 .... 0200: 00 35 2C B9 C0 F2 93 7F FF 9F CF D0 86 82 18 E3 .5,............. 0210: 27 A6 3A 29 05 D9 2F DE 74 26 37 A6 1F F1 2B 48 '.:)../.t&7...+H 0220: 54 1E 62 2C 35 9B BD 38 D2 9C 86 12 1C C8 EC F1 T.b,5..8........ 0230: 0A 33 6A 58 B7 C7 CE 7B A5 39 9D 8E 03 57 7D 08 .3jX.....9...W.. 0240: 5B B7 36 2B 12 E0 A0 A8 8D DB BA EE 42 0A 9D 75 [.6+........B..u 0250: 6A B2 07 E7 F3 A9 C9 3B j......; Krb5Context.unwrap: token=[05 04 01 ff 00 0c 00 00 00 00 00 00 31 87 6a 68 01 01 00 00 0d d9 05 24 2b 40 05 ad a8 88 69 c9 ] Krb5Context.unwrap: data=[01 01 00 00 ] Krb5Context.wrap: data=[01 01 00 00 ] Krb5Context.wrap: token=[05 04 00 ff 00 0c 00 00 00 00 00 00 31 87 6a 68 01 01 00 00 0a 0e ed fb 75 64 47 7d 69 ea 3e 31 ] apache drill 1.10.0 "json ain't no thang" 0: jdbc:drill:drillbit=host1.fqdn> 0: jdbc:drill:drillbit=host1.fqdn> show databases; Error: SYSTEM ERROR: RuntimeException: JDK Java compiler not available - probably you're running Drill with a JRE and not a JDK Fragment 0:0 [Error Id: 0c94b644-5409-4bd4-b76d-c43c5226a3e2 on host1.fqdn:31010] (state=,code=0) {code} > Authentication failed: Server requires authentication using [kerberos, plain] > ----------------------------------------------------------------------------- > > Key: DRILL-5433 > URL: https://issues.apache.org/jira/browse/DRILL-5433 > Project: Apache Drill > Issue Type: Task > Components: Functions - Drill > Affects Versions: 1.10.0 > Environment: OS: Redhat Linux 6.7, HDP 2.5.3, Kerberos enabled, Hardware: VmWare > Reporter: Parag Darji > Priority: Minor > Labels: newbie, security > Fix For: 1.10.0 > > Original Estimate: 168h > Remaining Estimate: 168h > > I've setup Apace drill 1.10.0 on RHEL 6.7, HDP 2.5.3, kerberos enabled > I'm getting below error while running "drill-conf" or sqlline as user "drill" which is configured in the "drill-override.conf" file. > {code} > drill@host:/opt/drill/bin> drill-conf > Error: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?] (state=,code=0) > java.sql.SQLException: Failure in connecting to Drill: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?] > at org.apache.drill.jdbc.impl.DrillConnectionImpl.(DrillConnectionImpl.java:166) > at org.apache.drill.jdbc.impl.DrillJdbc41Factory.newDrillConnection(DrillJdbc41Factory.java:72) > at org.apache.drill.jdbc.impl.DrillFactory.newConnection(DrillFactory.java:69) > at org.apache.calcite.avatica.UnregisteredDriver.connect(UnregisteredDriver.java:143) > at org.apache.drill.jdbc.Driver.connect(Driver.java:72) > at sqlline.DatabaseConnection.connect(DatabaseConnection.java:167) > at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:213) > at sqlline.Commands.connect(Commands.java:1083) > at sqlline.Commands.connect(Commands.java:1015) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36) > at sqlline.SqlLine.dispatch(SqlLine.java:742) > at sqlline.SqlLine.initArgs(SqlLine.java:528) > at sqlline.SqlLine.begin(SqlLine.java:596) > at sqlline.SqlLine.start(SqlLine.java:375) > at sqlline.SqlLine.main(SqlLine.java:268) > Caused by: org.apache.drill.exec.rpc.NonTransientRpcException: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?] > at org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:157) > at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:432) > at org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:379) > at org.apache.drill.jdbc.impl.DrillConnectionImpl.(DrillConnectionImpl.java:157) > ... 18 more > Caused by: javax.security.sasl.SaslException: Authentication failed: Server requires authentication using [kerberos, plain]. Insufficient credentials? [Caused by javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials?] > at org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:204) > at org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:197) > at com.google.common.util.concurrent.AbstractCheckedFuture.checkedGet(AbstractCheckedFuture.java:85) > at org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:155) > ... 21 more > Caused by: javax.security.sasl.SaslException: Server requires authentication using [kerberos, plain]. Insufficient credentials? > at org.apache.drill.exec.rpc.user.UserClient.getAuthenticatorFactory(UserClient.java:285) > at org.apache.drill.exec.rpc.user.UserClient.authenticate(UserClient.java:216) > ... 22 more > apache drill 1.10.0 > "this isn't your grandfather's sql" > {code} > Same error when running below command: > {code} > sqlline --maxWidth=10000 -u "jdbc:drill:drillbit=host1.fqdn;auth=kerberos;principal=drill/ladhdp@LAB.COM" > {code} > "Drill" user has has valid keytab/ticket. > The Drill UI is working fine with local authentication. > drill-override.conf file: > {code} > drill.exec: { > cluster-id: "drillbits1", > zk.connect: "host1.fqdn:2181,host2.fqdn:2181,host3.fqdn:2181", > security: { > user.auth.enabled: true, > user.auth.impl: "pam", > user.auth.pam_profiles: [ "sudo", "login" ], > packages += "org.apache.drill.exec.rpc.user.security", > auth.mechanisms: ["KERBEROS","PLAIN"], > auth.principal: "drill/labhdp@LAB.COM", > auth.keytab: "/opt/drill/.keytab/drill.keytab" > } > } > {code} > {code} > cat drill-env.sh | egrep -v '^#|^$' > export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pam/JPam-1.1/" > {code} -- This message was sent by Atlassian JIRA (v6.3.15#6346)