[38211] in Kerberos
Re: Hadoop Datanode service throws exception with Kerberos security
daemon@ATHENA.MIT.EDU (Robbie Harwood)
Thu Mar 29 11:45:45 2018
From: Robbie Harwood <rharwood@redhat.com>
To: Sonia Garudi <sgarudi@us.ibm.com>, kerberos@mit.edu
In-Reply-To: <OFD352E97F.C9FDAC75-ON0025825E.00412713-6525825E.00440DAA@notes.na.collabserv.com>
Date: Thu, 29 Mar 2018 11:45:20 -0400
Message-ID: <jlgmuyqq41b.fsf@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2560794180295394985=="
Errors-To: kerberos-bounces@mit.edu
--===============2560794180295394985==
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
--=-=-=
Content-Type: text/plain
"Sonia Garudi" <sgarudi@us.ibm.com> writes:
> Hello team,
> We have a Ambari cluster setup using Rhel 7.5 beta machines. We are facing
> issues with start up of Hadoop Datanode on enabling Kerberos security.
>
> Error logged in /var/log/krb5kdc.log -
> Mar 27 14:48:17 pts00433-vm38.persistent.co.in krb5kdc[8737](info): TGS_REQ
> (1 etypes {16}) 10.77.67.132: PROCESS_TGS: authtime 0,
> dn/pts00433-vm38.persistent.co.in@EXAMPLE.COM for
> nn/pts00433-vm38.persistent.co.in@EXAMPLE.COM, Ticket expired
> Mar 27 14:48:55 pts00433-vm38.persistent.co.in krb5kdc[8737](info): TGS_REQ
> (4 etypes {18 17 16 23}) 10.77.67.132: PROCESS_TGS: authtime 0,
> nn/pts00433-vm38.persistent.co.in@EXAMPLE.COM for
> nn/pts00433-vm38.persistent.co.in@EXAMPLE.COM, Ticket expired
>
> Below error in service log:
> 2018-03-27 14:46:44,739 WARN ipc.Client (Client.java:run(711)) - Couldn't
> setup connection for dn/pts00433-vm38.persistent.co.in@EXAMPLE.COM to
> pts00433-vm38.persistent.co.in/10.77.67.132:8020
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Ticket
> expired (32) - PROCESS_TGS)]
>
> We have following packages installed :
> Version-Release number of selected component (if applicable):
> # yum list installed | grep krb
> krb5-devel.ppc64le 1.15.1-18.el7 installed
> krb5-libs.ppc64le 1.15.1-18.el7 @anaconda/7.5
> krb5-pkinit.ppc64le 1.15.1-18.el7 installed
> krb5-server.ppc64le 1.15.1-18.el7 installed
> krb5-workstation.ppc64le 1.15.1-18.el7 installed
>
> # krb5-config --version
> Kerberos 5 release 1.15.1
>
> System and Ambari cluster details :
> # uname -a
> Linux pts00433-vm38.persistent.co.in 3.10.0-830.el7.ppc64le #1 SMP Mon Jan
> 15 12:26:57 EST 2018 ppc64le ppc64le ppc64le GNU/Linux
> # cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 7.5 Beta (Maipo)
>
> Ambari version : 2.6.1
> HDP version installed : 2.6.4
>
> We have noticed, with Kerberos build version 1.15.1-8.el7, the datanode
> starts up without any issue.
>
> Any help or suggestions on why it fails with the higher update would be
> appreciated .
Hi Sonia,
I've replied on your bug with us and provided updated packages.
The corresponding upstream fix for this issue is
31d5c854198ed91fc2bd0b9fb87ed0dcd5a40eb6
Thanks,
--Robbie
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEA5qc6hnelQjDaHWqJTL5F2qVpEIFAlq9ChAACgkQJTL5F2qV
pEJFug/+NJKDHnrJWgFeEiX6mBijYV/qjPDt02ymO8pcu+i2urZ7LanIxOcsxMqB
ommghs/KrKGlIQaS9Um2adawAUA4I9gYLs97C5zPXzWRBF7TIiGONbwWV7f8VIPp
idwqLvvesjkYyl4JcyqHzC2kKWLHcmiW6h8AJcVt3opLFWtJNj5J8chk3voQv8SW
O64qs6NRKgisECSz+MpTGMobAJXN19srzWtF0NWsGTqWx+jGsD3RT/8ZwRuOIB/Z
2OOcaQepUsDJoqNYxoYH1+p49ZRyCEBS5dpmALL+ZFY3M/mNGca99NbNU8DMQiCj
pLAmt/4ZOVouD6hX34JXlM2d0uAhcFC8E4XQv1ZsWfechmjVAoKFxIfzvcvrBa4P
S0tYqjwC6Zb0s5diDRiIiw6unNd9LQN+fRXyZQxp9yKDWIVh8e8fww4NEJVzWHzB
HY89MGEfJ6wrjyc1ZQzY5GkI9hbcltNFSPAi7R+0qSVXdwIKjoZb9uCe9Vv20yFL
gtdHFNOAvpYImN7eM9nrCQWmW4LIqqGj+Cq6k88Ac4rMDxCgkoJPJEr97hfYgGmI
LHTZ3JsFOmzzneAZ1FBpOu83lBTi5YDbvCZoHTfx59iEe5LY+DMhPEj/sdXN0F5s
IpyciPBi07NXxUggrmT5deVQqrcIKUlOsN33Q8rd3RShKGS75ic=
=LxFu
-----END PGP SIGNATURE-----
--=-=-=--
--===============2560794180295394985==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============2560794180295394985==--
