Dear all, We have a Hive in 2.1.1 and a web application running against the Hive server. Before enabling the Kerberos, everything is OK. But after enabling the Kerberos, it always failed to do the authentication.
- web application runs with: Jetty, hive client version: 1.2.1 and JDK 1.7 - Hive runs with JDK 1.8 - but both JDKs are running with JCE jars. Followings are the errors: > > 2017-07-27 10:29:16,622 INFO hive.metastore:Trying to connect to > metastore with URI thrift://hdp-cli-01.dataservice.net:9083 > 2017-07-27 10:29:16,793 WARN > org.apache.hadoop.util.NativeCodeLoader:Unable to load native-hadoop > library for your platform... using builtin-java classes where applicable > 2017-07-27 10:29:16,873 ERROR > org.apache.thrift.transport.TSaslTransport:SASL negotiation failure > javax.security.sasl.SaslException: GSS initiate failed [Caused by > GSSException: No valid credentials provided (Mechanism level: Failed to > find any Kerberos tgt)] > at > com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212) > at > org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94) > at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) > at > org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37) > at > org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52) > at > org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:415) > at > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657) > at > org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49) > at > org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:420) > at > org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:236) > at > org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:181) > at > com.taobao.zeus.store.CliTableManager.initClient(CliTableManager.java:60) > at com.taobao.zeus.store.CliTableManager.<init>(CliTableManager.java:47) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:526) > at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100) > at > org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:61) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:877) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:839) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) > at java.security.AccessController.doPrivileged(Native Method) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380) > at > org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264) > at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) > at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261) > at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185) > at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164) > at > org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:671) > at > org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:610) > at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:412) > at > org.springframework.beans.factory.annotation.InjectionMetadata.injectFields(InjectionMetadata.java:105) > at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessAfterInstantiation(AutowiredAnnotationBeanPostProcessor.java:240) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:959) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) > at java.security.AccessController.doPrivileged(Native Method) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380) > at > org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264) > at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) > at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261) > at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185) > at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164) > at > org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429) > at > org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728) > at > org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380) > at > org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255) > at > org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199) > at > org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45) > at > org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:800) > at > org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:444) > at > org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:791) > at > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294) > at > org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1349) > at > org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1342) > at > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741) > at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:505) > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) > at > org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:41) > at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:186) > at > org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:498) > at > org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:146) > at > org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:180) > at > org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:440) > at > org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:64) > at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:609) > at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:528) > at org.eclipse.jetty.util.Scanner.scan(Scanner.java:391) > at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:313) > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) > at > org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:150) > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) > at > org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:560) > at > org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:235) > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) > at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) > at org.eclipse.jetty.server.Server.start(Server.java:387) > at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114) > at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) > at org.eclipse.jetty.server.Server.doStart(Server.java:354) > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) > at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1255) > at java.security.AccessController.doPrivileged(Native Method) > at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1174) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at org.eclipse.jetty.start.Main.invokeMain(Main.java:321) > at org.eclipse.jetty.start.Main.start(Main.java:817) > at org.eclipse.jetty.start.Main.main(Main.java:112) > Caused by: GSSException: No valid credentials provided (Mechanism level: > Failed to find any Kerberos tgt) > at > sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) > at > sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121) > at > sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) > at > sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223) > at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) > at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) > at > com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193) > ... 94 more Appreciated for your advice. Kind Regards, Wenxing
