hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bing Li <sarah.lib...@gmail.com>
Subject Fwd: Failed to create HiveMetaStoreClient object in proxy user with Kerberos enabled
Date Tue, 10 Nov 2015 07:30:12 GMT
Hi,
I wrote a Java client to talk with HiveMetaStore. (Hive 1.2.0)
But found that it can't new a HiveMetaStoreClient object successfully via a
proxy using in Kerberos env.

===========================
15/10/13 00:14:38 ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
        at
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
        at
org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
        at
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
==========================

When I debugging on Hive, I found that the error came from open() method in
HiveMetaStoreClient class.

Around line 406,
 transport = UserGroupInformation.*getCurrentUser()*.doAs(new
PrivilegedExceptionAction<TTransport>() {  *//FAILED, because the current
user doesn't have the cridential*

But it will work if I change above line to
 transport = UserGroupInformation.*getCurrentUser().getRealUser()*.doAs(new
PrivilegedExceptionAction<TTransport>() {

*//PASS*
With Google, *I found*
1. DRILL-3413 fixes this error in Drill side
2. HIVE-4984 (hive metastore should not re-use hadoop proxy configuration)
mentioned related things, but the status is still OPEN

*My Questions:*
1. Have you noticed this issue in HiveMetaStoreClient? If yes, will Hive
plan to fix it?
2. Is the simple change (shown like above) in open() method in
HiveMetaStoreClient enough?


Thank you.
- Bing

Mime
View raw message