hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bing Li (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HIVE-13384) Failed to create HiveMetaStoreClient object with proxy user when Kerberos enabled
Date Wed, 30 Mar 2016 13:14:25 GMT
Bing Li created HIVE-13384:
------------------------------

             Summary: Failed to create HiveMetaStoreClient object with proxy user when Kerberos
enabled
                 Key: HIVE-13384
                 URL: https://issues.apache.org/jira/browse/HIVE-13384
             Project: Hive
          Issue Type: Improvement
          Components: Metastore
    Affects Versions: 1.2.1, 1.2.0
            Reporter: Bing Li


I wrote a Java client to talk with HiveMetaStore. (Hive 1.2.0)
But found that it can't new a HiveMetaStoreClient object successfully via a proxy using in
Kerberos env.

===========================
15/10/13 00:14:38 ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials
provided (Mechanism level: Failed to find any Kerberos tgt)]
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
        at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
==========================

When I debugging on Hive, I found that the error came from open() method in HiveMetaStoreClient
class.

Around line 406,
 transport = UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<TTransport>()
{  //FAILED, because the current user doesn't have the cridential

But it will work if I change above line to
 transport = UserGroupInformation.getCurrentUser().getRealUser().doAs(new PrivilegedExceptionAction<TTransport>()
{  //PASS

I found DRILL-3413 fixes this error in Drill side as a workaround. But if I submit a mapreduce
job via Pig/HCatalog, it runs into the same issue again when initialize the object via HCatalog.

It would be better to fix this issue in Hive side.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message