incubator-hcatalog-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Weise <...@yahoo-inc.com>
Subject Re: HCatalog Security
Date Sun, 08 Apr 2012 16:34:45 GMT
Rajesh,

I have seen similar issue on Ubuntu where java (in this case the hcat client) fails to get
the TGT from cache. This issue goes away after doing a kinit -R

HTH,
Thomas

On 4/8/12 6:27 AM, "Rajesh Balamohan" <rajesh.balamohan@gmail.com> wrote:

Hi All,

I am currently using HCatalog 0.4 and trying to enable security with this build.

I have setup the following properties in /etc/hcatalog/hive-site.xml

hive.metastore.kerberos.principa;
hive.metastore.sasl.enabled
hive.metastore.kerberos.keytab.file

I tried kinit in standalone mode and it works fine. hcat_server.sh also works fine (which
means that the thrift server is working)

However, when I try ' hcat -e "show tables" ', it is not able to communicate with the thrift
server. It throws GSSAPI failed exception.


2012-04-08 06:25:28,056 DEBUG transport.TSaslServerTransport (TSaslServerTransport.java:getTransport(212))
- transport map does not contain key
2012-04-08 06:25:28,056 DEBUG transport.TSaslTransport (TSaslTransport.java:open(243)) - opening
transport org.apache.thrift.transport.TSaslServerTransport@6243487e
2012-04-08 06:25:28,057 DEBUG transport.TSaslServerTransport (TSaslServerTransport.java:getTransport(217))
- failed to open server transport
org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:190)
        at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:124)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:40)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:215)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:557)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:555)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:337)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1110)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:555)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:170)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
2012-04-08 06:25:28,057 WARN  hive.metastore (HiveMetaStoreClient.java:openStore(270)) - Failed
to connect to the MetaStore Server...
2012-04-08 06:25:28,057 ERROR server.TThreadPoolServer (TThreadPoolServer.java:run(182)) -
Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Peer indicated
failure: GSS initiate failed
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:218)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:557)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:555)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:337)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1110)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:555)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:170)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate
failed
        at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:190)
        at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:124)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:253)

Any help would be greatly appreciated.

Mime
View raw message