[jira] [Created] (ZEPPELIN-2540) JDBC Interpreter with proxy.user.property does not use kerberos keytab

Fri, 12 May 2017 10:19:31 -0700 

Michele Milesi created ZEPPELIN-2540:
----------------------------------------

             Summary: JDBC Interpreter with proxy.user.property does not use 
kerberos keytab
                 Key: ZEPPELIN-2540
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2540
             Project: Zeppelin
          Issue Type: Bug
          Components: Interpreters
    Affects Versions: 0.8.0
         Environment: Secure (Kerberos+SSL) CDH 5.8.3
Apache Impala
            Reporter: Michele Milesi


If you configure a JDBC interpreter with a Kerberized JDBC Server that allows 
user impersonation via Proxy user (i.e. Apache Impala) the interpreter uses 
just the proxy.user.property property and does not create a ProxyUser with 
UserGroupInformation{code}

Below the interpreter log:
{noformat}
 INFO [2017-05-12 18:33:49,807] ({pool-2-thread-2} 
JDBCInterpreter.java[appendProxyUserToURL]:408) - Using proxy user as :mmilesi
 INFO [2017-05-12 18:33:49,808] ({pool-2-thread-2} 
JDBCInterpreter.java[appendProxyUserToURL]:409) - Using proxy property for user 
as :DelegationUID
 INFO [2017-05-12 18:33:49,867] ({pool-2-thread-2} 
UserGroupInformation.java[loginUserFromKeytab]:981) - Login successful for user 
zeppelin/hadoop-cloudera7.hadoop.icteam.local@HADOOP.ICTEAM.LOCAL using keytab 
file /home/mmilesi/git/zeppelin/conf/zeppelin.keytab
ERROR [2017-05-12 18:33:49,883] ({pool-2-thread-2} 
JDBCInterpreter.java[executeSql]:673) - Cannot run show databases;
java.sql.SQLException: [Simba][ImpalaJDBCDriver](500168) Error creating login 
context using ticket cache: Unable to obtain Principal Name for authentication .
        at 
com.cloudera.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown 
Source)
        at 
com.cloudera.hivecommon.api.HiveServer2ClientFactory.createClient(Unknown 
Source)
        at 
com.cloudera.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
        at com.cloudera.impala.core.ImpalaJDBCConnection.connect(Unknown Source)
        at com.cloudera.jdbc.common.BaseConnectionFactory.doConnect(Unknown 
Source)
        at com.cloudera.jdbc.common.AbstractDriver.connect(Unknown Source)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:208)
        at 
org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
        at 
org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
        at 
org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861)
        at 
org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435)
        at 
org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363)
        at 
org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:270)
        at 
org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:331)
        at 
org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:363)
        at 
org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:602)
        at 
org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:734)
        at 
org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:101)
        at 
org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:500)
        at org.apache.zeppelin.scheduler.Job.run(Job.java:181)
        at 
org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at 
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
Caused by: com.cloudera.support.exceptions.GeneralException: 
[Simba][ImpalaJDBCDriver](500168) Error creating login context using ticket 
cache: Unable to obtain Principal Name for authentication .
        ... 30 more
{noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to