[jira] [Comment Edited] (HIVE-28042) DigestMD5 token expired or does not exist error while opening a new connection to HMS

Tue, 30 Jan 2024 00:35:56 -0800 


    [ 
https://issues.apache.org/jira/browse/HIVE-28042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17812191#comment-17812191
 ] 

Vikram Ahuja edited comment on HIVE-28042 at 1/30/24 8:34 AM:
--------------------------------------------------------------

The tokenStore has zookeeper, DB and memory based implementations. We are using 
Zookeeper based implementation in our scenarios. However this issue is 
regardless of the implementations as TokenStore's implementation(zookeeper, DB 
and memory). The expiry thread that is removing token is also removing tokens 
post renewal date irrespective of tokenStore Implementation. The issue will 
exist for all implementations of tokenStores.


was (Author: vikramahuja_):
The tokenStore has zookeeper, DB and memory based implementations. We are using 
Zookeeper based implementation in our scenarios. However this issue is 
regardless of the implementations as TokenStore's implementation(zookeeper, DB 
and memory). The expiry thread that is removing token is also removing tokens 
post renewal date irrespective of tokenStore Implementation. The issue will 
exist will all implementations of tokenStores.

> DigestMD5 token expired or does not exist error while opening a new 
> connection to HMS
> -------------------------------------------------------------------------------------
>
>                 Key: HIVE-28042
>                 URL: https://issues.apache.org/jira/browse/HIVE-28042
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Vikram Ahuja
>            Assignee: Vikram Ahuja
>            Priority: Major
>
> Hello,
> In our deployment we are facing the following exception in the HMS logs when 
> a HMS connection is opened from the HS2 in cases where a session is open for 
> a long time leading to query failures:
> {code:java}
> 2024-01-24T02:11:21,324 ERROR [TThreadPoolServer WorkerProcess-760394]: 
> transport.TSaslTransport (TSaslTransport.java:open) - SASL negotiation 
> failurejavax.security.sasl.SaslException: DIGEST-MD5: IO error acquiring 
> password        
> at 
> com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java)
>         
> at 
> com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java)
>         
> at 
> org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java)
>         at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java)        
> at 
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java)
>         
> at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java)
>         
> at 
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java)
>         
> at 
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java)
>         
> at java.security.AccessController.doPrivileged(Native Method)        
> at javax.security.auth.Subject.doAs(Subject.javA)        
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java)
>         
> at 
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java)
>         
> at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java)
>         
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java) 
>        
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java)   
>      
> at java.lang.Thread.run(Thread.java)Caused by: 
> org.apache.hadoop.security.token.SecretManager$InvalidToken: token expired or 
> does not exist: HIVE_DELEGATION_TOKEN owner=***, renewer=***, 
> realUser=*****************, issueDate=1705973286139, maxDate=1706578086139, 
> sequenceNumber=3294063, masterKeyId=7601        
> at 
> org.apache.hadoop.hive.metastore.security.TokenStoreDelegationTokenSecretManager.retrievePassword(TokenStoreDelegationTokenSecretManager.java)
>         
> at 
> org.apache.hadoop.hive.metastore.security.TokenStoreDelegationTokenSecretManager.retrievePassword(TokenStoreDelegationTokenSecretManager.java)
>         
> at 
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$SaslDigestCallbackHandler.getPassword(HadoopThriftAuthBridge.java)
>         
> at 
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$SaslDigestCallbackHandler.handle(HadoopThriftAuthBridge.java)
>         
> at 
> com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java)
>         ... 15 more {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to