[ 
https://issues.apache.org/jira/browse/HIVE-28539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lizhengzheng updated HIVE-28539:
--------------------------------
    Description: 
*JDBC Client throws:* 
{code:java}
Peer indicated failure: Failure to initialize security context
{code}
*Hiveserver2 throws:*
{code:java}
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
        at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87) ~[?:1.8.0_342]
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:129) ~[?:1.8.0_342]
        at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) ~[?:1.8.0_342]
        at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) ~[?:1.8.0_342]
        at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62) ~[?:1.8.0_342]
        at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) ~[?:1.8.0_342]
        at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:108) ~[?:1.8.0_342]
{code}
*The credentials in ugi are null:*

!image-2024-09-26-16-25-17-321.png!

Repeat steps:
 1. Only one hiveserver2 session alive (close the notification event poll if version is 3.1.3)
 2. Stop kerberos service when TGT is expired and need to call reloginExpiringKeytabUser method, and then hiveserver2 will throw an exception as:

!image-2024-09-26-16-43-50-159.png!

 3. Close client session

 4. Start kerberos service, and client can not connect to hiveserver2

  was:
*JDBC Client throws:* 
{code:java}
Peer indicated failure: Failure to initialize security context
{code}
 

*Hiveserver2 throws:*

 
{code:java}
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
        at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87) ~[?:1.8.0_342]
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:129) ~[?:1.8.0_342]
        at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) ~[?:1.8.0_342]
        at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) ~[?:1.8.0_342]
        at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62) ~[?:1.8.0_342]
        at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) ~[?:1.8.0_342]
        at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:108) ~[?:1.8.0_342]
{code}
 

*The credentials in ugi are null:*

!image-2024-09-26-16-25-17-321.png!

Repeat steps:
 1. Only one hiveserver2 session alive (close the notification event poll if version is 3.1.3)
 2. Stop kerberos service when TGT is expired and need to call reloginExpiringKeytabUser method, and then hiveserver2 will throw an exception as:

!image-2024-09-26-16-43-50-159.png!

 3. Close client session

 4. Start kerberos service, and client can not connect to hiveserver2

 


> Client can not connect to hiveserver2
> -------------------------------------
>
>                 Key: HIVE-28539
>                 URL: https://issues.apache.org/jira/browse/HIVE-28539
>             Project: Hive
>          Issue Type: Bug
>      Security Level: Public(Viewable by anyone) 
>    Affects Versions: 2.3.6, 3.1.3
>            Reporter: lizhengzheng
>            Priority: Major
>         Attachments: image-2024-09-26-16-25-17-321.png, 
> image-2024-09-26-16-31-02-056.png, image-2024-09-26-16-43-50-159.png
>
>
> *JDBC Client throws:* 
> {code:java}
> Peer indicated failure: Failure to initialize security context
> {code}
> *Hiveserver2 throws:*
> {code:java}
> Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
>         at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87) ~[?:1.8.0_342]
>         at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:129) ~[?:1.8.0_342]
>         at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) ~[?:1.8.0_342]
>         at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) ~[?:1.8.0_342]
>         at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62) ~[?:1.8.0_342]
>         at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) ~[?:1.8.0_342]
>         at com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:108) ~[?:1.8.0_342]
> {code}
> *The credentials in ugi are null:*
> !image-2024-09-26-16-25-17-321.png!
> Repeat steps:
>  1. Only one hiveserver2 session alive (close the notification event poll if version is 3.1.3)
>  2. Stop kerberos service when TGT is expired and need to call reloginExpiringKeytabUser method, and then hiveserver2 will throw an exception as:
> !image-2024-09-26-16-43-50-159.png!
>  3. Close client session
>  4. Start kerberos service, and client can not connect to hiveserver2



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
