hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matteo Bertozzi <theo.berto...@gmail.com>
Subject Re: hbase: secure login and connection management
Date Wed, 19 Nov 2014 11:24:58 GMT
Take a look at the patch added to
https://issues.apache.org/jira/browse/HBASE-12366
There will be a new AuthUtil. launchAuthChore() which should help in your
case.
(The doc patch is here https://issues.apache.org/jira/browse/HBASE-12528)

Matteo


On Wed, Nov 19, 2014 at 11:19 AM, Bogala, Chandra Reddy <
Chandra.Bogala@gs.com> wrote:

> Hi,
>   I am trying to login to secure cluster with keytabs using below methods.
> It works fine if  the token is not expired. My process runs for long time (
> web app from tomcat). Keep getting below exceptions after the token expire
> time and connection fails if the user tries to view data from web page.
> What is the better way of handling connections? How to refresh keys
> automatically?. Is there a spring implementation for managing connections?
> If yes, can you share sample code.
>
>
> UserGroupInformation.setConfiguration(conf);
> UserGroupInformation.loginUserFromKeytab("hbase.myclient.principal",
> "hbase.myclient.keytab");
>
> 2014-11-13 08:25:49,899 ERROR
> [org.apache.hadoop.security.UserGroupInformation]
> PriviledgedActionException as user@mycompany.com (auth:KERBEROS)
> cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Failed to
> find any Kerberos tgt)]
> 2014-11-13 08:25:49,900 WARN [org.apache.hadoop.ipc.RpcClient] Exception
> encountered while connecting to the server :
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Failed to
> find any Kerberos tgt)]
> javax.security.sasl.SaslException: GSS initiate failed
> Caused by: org.ietf.jgss.GSSException: No valid credentials provided
> (Mechanism level: Failed to find any Kerberos tgt)
>
> Thanks,
> Chandra
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message