[
https://issues.apache.org/jira/browse/HIVE-28539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
lizhengzheng updated HIVE-28539:
--------------------------------
Description:
*JDBC Client throws:*
{code:java}
Peer indicated failure: Failure to initialize security context {code}
*Hiveserver2 throws:*
{code:java}
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism
level: Failed to find any Kerberos credentails)
at
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
~[?:1.8.0_342]
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:129)
~[?:1.8.0_342]
at
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
~[?:1.8.0_342]
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
~[?:1.8.0_342]
at
sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62)
~[?:1.8.0_342]
at
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154)
~[?:1.8.0_342]
at
com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:108)
~[?:1.8.0_342] {code}
*The credentials in ugi is null:*
!image-2024-09-26-16-25-17-321.png!
Repeat step :
# Only one hiveserver2 session alive (set
hive.notification.event.poll.interval less than 0 if version is 3.1.3)
# Stop kerberos service when TGT is expired and need to call
reloginExpiringKeytabUser method, and then hiveserver2 will throws exception as:
!image-2024-09-26-16-43-50-159.png!
3.Close client session
4.Start kerberos service, and client can not connect to hiveserver2
was:
*JDBC Client throws:*
{code:java}
Peer indicated failure: Failure to initialize security context {code}
*Hiveserver2 throws:*
{code:java}
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism
level: Failed to find any Kerberos credentails)
at
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
~[?:1.8.0_342]
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:129)
~[?:1.8.0_342]
at
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
~[?:1.8.0_342]
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
~[?:1.8.0_342]
at
sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62)
~[?:1.8.0_342]
at
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154)
~[?:1.8.0_342]
at
com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:108)
~[?:1.8.0_342] {code}
*The credentials in ugi is null:*
!image-2024-09-26-16-25-17-321.png!
Repeat step :
# Only one hiveserver2 session alive (close the notification event poll if
version is 3.1.3)
# Stop kerberos service when TGT is expired and need to call
reloginExpiringKeytabUser method, and then hiveserver2 will throws exception as:
!image-2024-09-26-16-43-50-159.png!
3.Close client session
4.Start kerberos service, and client can not connect to hiveserver2
> Client can not connect to hiveserver2
> -------------------------------------
>
> Key: HIVE-28539
> URL: https://issues.apache.org/jira/browse/HIVE-28539
> Project: Hive
> Issue Type: Bug
> Security Level: Public(Viewable by anyone)
> Affects Versions: 2.3.6, 3.1.3
> Reporter: lizhengzheng
> Priority: Major
> Attachments: image-2024-09-26-16-25-17-321.png,
> image-2024-09-26-16-31-02-056.png, image-2024-09-26-16-43-50-159.png
>
>
> *JDBC Client throws:*
> {code:java}
> Peer indicated failure: Failure to initialize security context {code}
> *Hiveserver2 throws:*
> {code:java}
> Caused by: org.ietf.jgss.GSSException: No valid credentials provided
> (Mechanism level: Failed to find any Kerberos credentails)
> at
> sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
> ~[?:1.8.0_342]
> at
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:129)
> ~[?:1.8.0_342]
> at
> sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
> ~[?:1.8.0_342]
> at
> sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
> ~[?:1.8.0_342]
> at
> sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62)
> ~[?:1.8.0_342]
> at
> sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154)
> ~[?:1.8.0_342]
> at
> com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:108)
> ~[?:1.8.0_342] {code}
> *The credentials in ugi is null:*
> !image-2024-09-26-16-25-17-321.png!
> Repeat step :
> # Only one hiveserver2 session alive (set
> hive.notification.event.poll.interval less than 0 if version is 3.1.3)
> # Stop kerberos service when TGT is expired and need to call
> reloginExpiringKeytabUser method, and then hiveserver2 will throws exception
> as:
> !image-2024-09-26-16-43-50-159.png!
> 3.Close client session
> 4.Start kerberos service, and client can not connect to hiveserver2
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
