[38212] in Kerberos


Re: Hadoop Datanode service throws exception with Kerberos security

daemon@ATHENA.MIT.EDU (Robbie Harwood)
Thu Mar 29 12:07:24 2018

From: Robbie Harwood <rharwood@redhat.com>
To: Sonia Garudi <sgarudi@us.ibm.com>, kerberos@mit.edu
In-Reply-To: <jlgmuyqq41b.fsf@redhat.com>
Date: Thu, 29 Mar 2018 12:06:58 -0400
Message-ID: <jlgin9eq319.fsf@redhat.com>

Robbie Harwood <rharwood@redhat.com> writes:

> "Sonia Garudi" <sgarudi@us.ibm.com> writes:
>
>> Hello team,
>> We have an Ambari cluster setup using RHEL 7.5 beta machines. We are facing
>> issues with start up of Hadoop Datanode on enabling Kerberos security.
>>
>> Error logged in /var/log/krb5kdc.log -
>> Mar 27 14:48:17 pts00433-vm38.persistent.co.in krb5kdc[8737](info): TGS_REQ
>> (1 etypes {16}) 10.77.67.132: PROCESS_TGS: authtime 0,
>> dn/pts00433-vm38.persistent.co.in@EXAMPLE.COM for
>> nn/pts00433-vm38.persistent.co.in@EXAMPLE.COM, Ticket expired
>> Mar 27 14:48:55 pts00433-vm38.persistent.co.in krb5kdc[8737](info): TGS_REQ
>> (4 etypes {18 17 16 23}) 10.77.67.132: PROCESS_TGS: authtime 0,
>> nn/pts00433-vm38.persistent.co.in@EXAMPLE.COM for
>> nn/pts00433-vm38.persistent.co.in@EXAMPLE.COM, Ticket expired
>>
>> Below error in service log:
>> 2018-03-27 14:46:44,739 WARN  ipc.Client (Client.java:run(711)) - Couldn't
>> setup connection for dn/pts00433-vm38.persistent.co.in@EXAMPLE.COM to
>> pts00433-vm38.persistent.co.in/10.77.67.132:8020
>> javax.security.sasl.SaslException: GSS initiate failed [Caused by
>> GSSException: No valid credentials provided (Mechanism level: Ticket
>> expired (32) - PROCESS_TGS)]
>>
>> We have the following packages installed:
>> Version-Release number of selected component (if applicable):
>> # yum list installed | grep krb
>> krb5-devel.ppc64le                 1.15.1-18.el7       installed
>> krb5-libs.ppc64le                  1.15.1-18.el7       @anaconda/7.5
>> krb5-pkinit.ppc64le                1.15.1-18.el7       installed
>> krb5-server.ppc64le                1.15.1-18.el7       installed
>> krb5-workstation.ppc64le           1.15.1-18.el7       installed
>>
>> # krb5-config --version
>> Kerberos 5 release 1.15.1
>>
>> System and Ambari cluster details:
>> # uname -a
>> Linux pts00433-vm38.persistent.co.in 3.10.0-830.el7.ppc64le #1 SMP Mon Jan
>> 15 12:26:57 EST 2018 ppc64le ppc64le ppc64le GNU/Linux
>> # cat /etc/redhat-release
>> Red Hat Enterprise Linux Server release 7.5 Beta (Maipo)
>>
>> Ambari version: 2.6.1
>> HDP version installed: 2.6.4
>>
>> We have noticed, with Kerberos build version 1.15.1-8.el7, the datanode
>> starts up without any issue.
>>
>> Any help or suggestions on why it fails with the higher update would be
>> appreciated.
>
> Hi Sonia,
>
> I've replied on your bug with us and provided updated packages.
>
> The corresponding upstream fix for this issue is
> 31d5c854198ed91fc2bd0b9fb87ed0dcd5a40eb6

Wrong hash, should be 54e58755368b58ba5894a14c1d02626da42d8003

Thanks,
--Robbie
