Return-Path: 
 <user-return-8052-apmail-hadoop-user-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-user-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-user-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E986AD720
	for <apmail-hadoop-user-archive@minotaur.apache.org>;
 Tue, 21 May 2013 17:10:53 +0000 (UTC)
Received: (qmail 49048 invoked by uid 500); 21 May 2013 17:10:49 -0000
Delivered-To: apmail-hadoop-user-archive@hadoop.apache.org
Received: (qmail 48752 invoked by uid 500); 21 May 2013 17:10:48 -0000
Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@hadoop.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@hadoop.apache.org>
List-Post: <mailto:user@hadoop.apache.org>
List-Id: <user.hadoop.apache.org>
Reply-To: user@hadoop.apache.org
Delivered-To: mailing list user@hadoop.apache.org
Received: (qmail 48743 invoked by uid 99); 21 May 2013 17:10:48 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 17:10:48 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of zheyi.rong@gmail.com
 designates 209.85.212.44 as permitted sender)
Received: from [209.85.212.44] (HELO mail-vb0-f44.google.com) (209.85.212.44)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 May 2013 17:10:42 +0000
Received: by mail-vb0-f44.google.com with SMTP id e13so614294vbg.3
        for <user@hadoop.apache.org>; Tue, 21 May 2013 10:10:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:x-google-sender-delegation:in-reply-to
         :references:date:x-google-sender-auth:message-id:subject:from:to
         :content-type;
        bh=8zKeRtetF475YS25RhoXiFiXYGReLwDnsJOqB1pj7KI=;
        b=MPpyhcTEj7b3my6VtghW5JqC0w1OKE3qDtq56sRMSZ0EvTRgGjyaStFe7RI/OwHT+7
         tpKesHEdY4MQdHFVAkMXcjY1bGxDw3rTX/UZapr8AIqdjrldHqvrRlhtzoHM5vZ7saAn
         3R4P5PntTDGdK+6clxuIbZifEQs3Dc7SDnB5qrGNuGEkLbDbI5A9Jeot3rJTVxbywdWs
         iuDCTHKFAu72aAXgn0vl8vT9iPvnalaKMFJMN8UJVcxtAcD5YJGtvGcaw9vdZcdu/5fb
         m3VsWVVWWXdEFKYW6tahI3TWt3bbpA+53duhd9BlyIEeoJf/4D/AOwnC8g9J9VlSgD0O
         w7ug==
MIME-Version: 1.0
X-Received: by 10.58.202.103 with SMTP id kh7mr1290413vec.19.1369156221451;
 Tue, 21 May 2013 10:10:21 -0700 (PDT)
Sender: rongzheyi@gmail.com
X-Google-Sender-Delegation: rongzheyi@gmail.com
Received: by 10.58.206.113 with HTTP; Tue, 21 May 2013 10:10:21 -0700 (PDT)
In-Reply-To: 
 <CAO7hTbMCVXQh5btSKY0g8_Sq9bksJak=ub86JORdF3SJK3qgcg@mail.gmail.com>
References: 
 <CADww33N=jEEDKnewVAW_dvfXhtdEaBnF6DUXu_LzshJ2Py=qOQ@mail.gmail.com>
	<CAO7hTbMCVXQh5btSKY0g8_Sq9bksJak=ub86JORdF3SJK3qgcg@mail.gmail.com>
Date: Tue, 21 May 2013 19:10:21 +0200
X-Google-Sender-Auth: wVhX9Ks1lNkkSmh5bJqY3Qnik2E
Message-ID: 
 <CADww33MU9GE_UNtLyFkSCUs34Jf8DV_KCPPWDCXQVmiEq2TaNg@mail.gmail.com>
Subject: Re: Keep Kerberos credentials valid after logging out
From: zheyi rong <zheyi.rong@gmail.com>
To: user@hadoop.apache.org
Content-Type: multipart/alternative; boundary=047d7bea420438c37e04dd3d864e
X-Virus-Checked: Checked by ClamAV on apache.org

--047d7bea420438c37e04dd3d864e
Content-Type: text/plain; charset=ISO-8859-1

could you please give me a bit more details?
I am really not good at kerberoes.

Thanks.

Regards,
Zheyi Rong


On Tue, May 21, 2013 at 3:34 PM, Rahul Bhattacharjee <
rahul.rec.dgp@gmail.com> wrote:

> I think you can have a keytab file for the user and use that for
> authentication. It would renew the credentials when it expires.
>
>
>
> On Tue, May 21, 2013 at 4:01 PM, zheyi rong <zheyi.rong@gmail.com> wrote:
>
>> Hi all,
>>
>> I would like to run my hadoop job in a bash file for several times, e.g.
>> #!/usr/bin/env bash
>> for i in {1..10}
>>     do
>>         my-hadoop-job
>>     done
>>
>> Since I don't want to keep my laptop on for hours, I run this bash script
>> on a server
>> via a SSH session.
>>
>> However, the bash script always terminated after my logging out of that
>> server by
>> 'ctrl-z, bg, disown, exit'.
>>
>> Using GNU 'screen' detaching and reattaching, I can see the following
>> exceptions:
>>
>> Caused by: java.io.IOException: javax.security.sasl.SaslException: GSS
>> initiate failed [Caused by GSSException: No valid credentials provided
>> (Mechanism level: Failed to find any Kerberos tgt)]
>>         at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:554)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at javax.security.auth.Subject.doAs(Subject.java:396)
>>         at
>> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1278)
>>         at
>> org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:499)
>>         at
>> org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:601)
>>         at
>> org.apache.hadoop.ipc.Client$Connection.access$2300(Client.java:212)
>>         at org.apache.hadoop.ipc.Client.getConnection(Client.java:1292)
>>         at org.apache.hadoop.ipc.Client.call(Client.java:1121)
>>         ... 30 more
>> Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused
>> by GSSException: No valid credentials provided (Mechanism level: Failed to
>> find any Kerberos tgt)]
>>         at
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
>>         at
>> org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:134)
>>         at
>> org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:415)
>>         at
>> org.apache.hadoop.ipc.Client$Connection.access$1100(Client.java:212)
>>         at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:594)
>>         at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:591)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at javax.security.auth.Subject.doAs(Subject.java:396)
>>         at
>> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1278)
>>         at
>> org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:590)
>>         ... 33 more
>> Caused by: GSSException: No valid credentials provided (Mechanism level:
>> Failed to find any Kerberos tgt)
>>         at
>> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:130)
>>         at
>> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)
>>         at
>> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)
>>         at
>> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209)
>>         at
>> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195)
>>         at
>> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
>>         at
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
>>         ... 42 more
>>
>> The cluster is deployed with cdh3.
>>
>> so how can I keep my script running after logging out ?
>>
>> Thank you in advance.
>>
>> Regards,
>> Zheyi Rong
>>
>
>

--047d7bea420438c37e04dd3d864e
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div style>could you please give me a bit more details?<br=
></div><div style>I am really not good at kerberoes.</div><div style><br></=
div><div style>Thanks.</div></div><div class=3D"gmail_extra"><br clear=3D"a=
ll">
<div><div>Regards,</div>Zheyi Rong</div>
<br><br><div class=3D"gmail_quote">On Tue, May 21, 2013 at 3:34 PM, Rahul B=
hattacharjee <span dir=3D"ltr">&lt;<a href=3D"mailto:rahul.rec.dgp@gmail.co=
m" target=3D"_blank">rahul.rec.dgp@gmail.com</a>&gt;</span> wrote:<br><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #cc=
c solid;padding-left:1ex">
<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:courier =
new,monospace">I think you can have a keytab file for the user and use that=
 for authentication. It would renew the credentials when it expires.<br>

<br></div></div><div class=3D"HOEnZb"><div class=3D"h5"><div class=3D"gmail=
_extra"><br><br><div class=3D"gmail_quote">On Tue, May 21, 2013 at 4:01 PM,=
 zheyi rong <span dir=3D"ltr">&lt;<a href=3D"mailto:zheyi.rong@gmail.com" t=
arget=3D"_blank">zheyi.rong@gmail.com</a>&gt;</span> wrote:<br>


<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">Hi all,<div><br></div><div>=
I would like to run my hadoop job in a bash file for several times, e.g.</d=
iv>


<div>#!/usr/bin/env bash</div><div>for i in {1..10}</div><div>=A0 =A0 do</d=
iv><div>=A0 =A0 =A0 =A0 my-hadoop-job</div>
<div>=A0 =A0 done</div><div><br></div><div>Since I don&#39;t want to keep m=
y laptop on for hours, I run this bash script on a server</div><div>via a S=
SH session.</div><div><br></div><div>However, the bash script always termin=
ated after my logging out of that server by=A0</div>



<div>&#39;ctrl-z, bg, disown, exit&#39;.</div><div><br></div><div>Using GNU=
 &#39;screen&#39; detaching and reattaching, I can see the following except=
ions:</div><div><br></div><div><div>Caused by: java.io.IOException: javax.s=
ecurity.sasl.SaslException: GSS initiate failed [Caused by GSSException: No=
 valid credentials provided (Mechanism level: Failed to find any Kerberos t=
gt)]</div>



<div>=A0 =A0 =A0 =A0 at org.apache.hadoop.ipc.Client$Connection$1.run(Clien=
t.java:554)</div><div>=A0 =A0 =A0 =A0 at java.security.AccessController.doP=
rivileged(Native Method)</div><div>=A0 =A0 =A0 =A0 at javax.security.auth.S=
ubject.doAs(Subject.java:396)</div>



<div>=A0 =A0 =A0 =A0 at org.apache.hadoop.security.UserGroupInformation.doA=
s(UserGroupInformation.java:1278)</div><div>=A0 =A0 =A0 =A0 at org.apache.h=
adoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:499)</d=
iv><div>=A0 =A0 =A0 =A0 at org.apache.hadoop.ipc.Client$Connection.setupIOs=
treams(Client.java:601)</div>



<div>=A0 =A0 =A0 =A0 at org.apache.hadoop.ipc.Client$Connection.access$2300=
(Client.java:212)</div><div>=A0 =A0 =A0 =A0 at org.apache.hadoop.ipc.Client=
.getConnection(Client.java:1292)</div><div>=A0 =A0 =A0 =A0 at org.apache.ha=
doop.ipc.Client.call(Client.java:1121)</div>



<div>=A0 =A0 =A0 =A0 ... 30 more</div><div>Caused by: javax.security.sasl.S=
aslException: GSS initiate failed [Caused by GSSException: No valid credent=
ials provided (Mechanism level: Failed to find any Kerberos tgt)]</div><div=
>=A0 =A0 =A0 =A0 at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateCha=
llenge(GssKrb5Client.java:194)</div>



<div>=A0 =A0 =A0 =A0 at org.apache.hadoop.security.SaslRpcClient.saslConnec=
t(SaslRpcClient.java:134)</div><div>=A0 =A0 =A0 =A0 at org.apache.hadoop.ip=
c.Client$Connection.setupSaslConnection(Client.java:415)</div><div>=A0 =A0 =
=A0 =A0 at org.apache.hadoop.ipc.Client$Connection.access$1100(Client.java:=
212)</div>



<div>=A0 =A0 =A0 =A0 at org.apache.hadoop.ipc.Client$Connection$2.run(Clien=
t.java:594)</div><div>=A0 =A0 =A0 =A0 at org.apache.hadoop.ipc.Client$Conne=
ction$2.run(Client.java:591)</div><div>=A0 =A0 =A0 =A0 at java.security.Acc=
essController.doPrivileged(Native Method)</div>



<div>=A0 =A0 =A0 =A0 at javax.security.auth.Subject.doAs(Subject.java:396)<=
/div><div>=A0 =A0 =A0 =A0 at org.apache.hadoop.security.UserGroupInformatio=
n.doAs(UserGroupInformation.java:1278)</div><div>=A0 =A0 =A0 =A0 at org.apa=
che.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:590)</div>



<div>=A0 =A0 =A0 =A0 ... 33 more</div><div>Caused by: GSSException: No vali=
d credentials provided (Mechanism level: Failed to find any Kerberos tgt)</=
div><div>=A0 =A0 =A0 =A0 at sun.security.jgss.krb5.Krb5InitCredential.getIn=
stance(Krb5InitCredential.java:130)</div>



<div>=A0 =A0 =A0 =A0 at sun.security.jgss.krb5.Krb5MechFactory.getCredentia=
lElement(Krb5MechFactory.java:106)</div><div>=A0 =A0 =A0 =A0 at sun.securit=
y.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)</=
div><div>=A0 =A0 =A0 =A0 at sun.security.jgss.GSSManagerImpl.getMechanismCo=
ntext(GSSManagerImpl.java:209)</div>



<div>=A0 =A0 =A0 =A0 at sun.security.jgss.GSSContextImpl.initSecContext(GSS=
ContextImpl.java:195)</div><div>=A0 =A0 =A0 =A0 at sun.security.jgss.GSSCon=
textImpl.initSecContext(GSSContextImpl.java:162)</div><div>=A0 =A0 =A0 =A0 =
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Cli=
ent.java:175)</div>



<div>=A0 =A0 =A0 =A0 ... 42 more</div><div><br></div><div>The cluster is de=
ployed with cdh3.<br></div></div><div><br></div><div>so how can I keep my s=
cript running after logging out ?</div><div><br></div><div>
Thank you in advance.</div><div><br clear=3D"all"><div><div>Regards,</div>Z=
heyi Rong</div>
</div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>

--047d7bea420438c37e04dd3d864e--