phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Soldatov (JIRA)" <j...@apache.org>
Subject [jira] [Created] (PHOENIX-2817) Phoenix-Spark plugin doesn't work in secured env
Date Fri, 01 Apr 2016 23:34:26 GMT
Sergey Soldatov created PHOENIX-2817:
----------------------------------------

             Summary: Phoenix-Spark plugin doesn't work in secured env
                 Key: PHOENIX-2817
                 URL: https://issues.apache.org/jira/browse/PHOENIX-2817
             Project: Phoenix
          Issue Type: Bug
    Affects Versions: 4.4.0, 4.7.0
            Reporter: Sergey Soldatov
            Assignee: Sergey Soldatov


When phoenix spark plugin is used with secured setup any attempt to perform operation with
PhoenixRDD cause an exception : 
{noformat}
Caused by: java.io.IOException: Login failure for 2181 from keytab /hbase: javax.security.auth.login.LoginException:
Unable to obtain password from user

	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
	at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:275)
	at org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
	at org.apache.hadoop.hbase.security.User.login(User.java:253)
	at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:282)
	... 107 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

	at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
	... 111 more
{noformat}

The reason is the how zkUrl is handled in PhoenixRDD: 
{noformat}
config.set(HConstants.ZOOKEEPER_QUORUM, url )
{noformat}

At the same time the {{ConnectionUtil.getInputConnection}} expects to see all parameters (quorum
address, port, znodeParent) in different Configuration properties. As the result it gets default
values for port and znodeParent and adds it to the provided url, so the {{PhoenixEmbededDriver.create}}
receives something like that:
{noformat}
jdbc:phoenix:quorum:2181:/hbase-secure:2181:/hbase
{noformat}
and consider 2 fields as kerberos principal and keytab.  




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message