Hi Wenxing,
Can you please refer the below Oracle link which has solution for all
common Kerberos authentication issues and it helped us solve our issue:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html
The issue you mentioned *GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos Ticket)* also can be found on
this link.
If the above does not help, please refer the below steps which were taken
by my team to setup/install a similar JAVA based app on a Kerberized
cluster.
Assumptions
-----------
1)You have access to the KDC to create a principal and export its keytab.
2)You know the Kerberos principal name for Hive's service account to
connect via JDBC/Beeline.
Setting Up
----------
1)Enter kadmin prompt to create/add a principal for your web-app and export
the keytab file
2)Verify the keytab file was created
3)Copy this keytab to the edge node from where you ran the shell script.
4)Set appropriate ownership and permissions to your folder
On Edge Node
--------------------
1)Ensure kerberos and kstart packages are installed and if not then please
install them
2)Obtain a renewable kerberos ticket for your web-app.
3)Using the keytab created and copied over from the KDC server earlier
k5start will manage both kinit and krenew for this principal to ensure
web-app account had a valid, un-expired ticket
4)Make sure to use the absolute path for the keytab file to avoid renewal
errors past the configured "maxrenewlife" time.
5)Check output of klist command to verify your web-app has a valid ticket
6)Ensure k5start daemon is running
>From here on, Kerberos is transparent to your web-app.
Accessing Hive CLI / Beeline on a secure cluster
------------------------------------------------
1)On a secure cluster, the JDBC connection URL needs an extra argument to
connect to the HiveServer. Hive’s service principal (not the end-user’s
principal) needs to go in the URL. As usual, the end user i.e. your web-app
also needs a valid ticket
2)HIVE_CONNECTION_URL, wherever used in your web-app should also have this
principal included in it.
Please let me know if the above helps.
Thanks,
Shakti
On Thu, Jul 27, 2017 at 10:30 AM, wenxing zheng <wenxing.zh...@gmail.com>
wrote:
> adding more information.
>
> hive.metastore.HiveMetaStoreClientTest is doing the same thing as the
> codes above. and the SHELL script works after we got the ticket with the
> kinit
>
> #!/usr/bin/env bash
>>
>> export HIVE_LIBS_DIR=lib/
>> export JAVA_OPTS='-Xdebug -Xrunjdwp:transport=dt_socket,
>> server=y,suspend=n,address=5005'
>>
>>
>> export CLASSPATH=.:./hive-0.0.1-SNAPSHOT.jar:./conf/:$HADOOP_
>> HOME/etc/hadoop/
>> for i in ${HIVE_LIBS_DIR}/*.jar ; do
>> CLASSPATH=$CLASSPATH:$i
>> done
>> java $JAVA_OPTS -cp $CLASSPATH hive.metastore.HiveMetaStoreClientTest
>
>
>
> On Thu, Jul 27, 2017 at 10:25 PM, wenxing zheng <wenxing.zh...@gmail.com>
> wrote:
>
>> Hello Shakti
>>
>> The configurations mentioned in the link above are all OK and we are able
>> to connect to Hive from Kylin and Hive CLI. Even we are able to connect to
>> meta store in a JAR package but run with classpath setting with
>> HIVE_CONF_DIR.
>>
>> In our web applications, what we are doing is like the codes below:
>>
>> HiveConf conf=new HiveConf();
>>> File f=new File(ConfUtil.getHiveConfDir()+File.separator+"hive-site.xml
>>> ");
>>> if(f.exists()){
>>> conf.addResource(f.toURI().toURL());
>>> }
>>> else{log.error(f.toString()+"nonexist.");}
>>> try{
>>> client=new HiveMetaStoreClient(conf);
>>> }
>>> catch(Exception e){log.error("HiveMetaStoreClient exeception:
>>> "+e.getMessage());e.printStackTrace();}
>>
>>
>> Note: our web application deployed as a WAR package under the Jetty
>> webapps.
>>
>> Thanks again,
>> Wenxing
>>
>>
>> On Thu, Jul 27, 2017 at 8:58 PM, shakti singh Shekhawat <
>> shaktisingh.shekhawa...@gmail.com> wrote:
>>
>>> Hi Wenxing,
>>>
>>> Some of the changes I can see in hive-site.xml in Kerberized cluster as
>>> compared to our non-kerberized one is:
>>> hive.metastore.*sasl.enabled* -->
>>> *<value>true</value> --This property is false in non-kerberized
>>> cluster*
>>> hive.server2.authentication --> <value>KERBEROS</value>
>>>
>>> Adding the below links(please refer as per your distribution) for your
>>> reference for all the properties that are needed to be set in hive-site.xml:
>>> https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_
>>> security/content/kerb-config-hive-site.html
>>> https://www.cloudera.com/documentation/enterprise/5-2-x/topi
>>> cs/cdh_sg_hive_metastore_security.html
>>>
>>> The error you pasted above also points to SASL issue:
>>> 2017-07-27 10:29:16,873 ERROR
>>> *org.apache.thrift.transport.**TSaslTransport:SASL
>>> negotiation failur*e
>>> javax.security.sasl.SaslException: GSS initiate failed [Caused by
>>> GSSException: No valid credentials provided
>>>
>>> Please let me know if the above helps in debugging the issue. Also,
>>> please let us know in case you are able to connect to Hive from an edge
>>> node or through other tools.
>>>
>>> Thanks,
>>> Shakti
>>>
>>>
>>> On Thu, Jul 27, 2017 at 2:04 AM, wenxing zheng <wenxing.zh...@gmail.com>
>>> wrote:
>>>
>>>> In my web application, I am using the HiveMetaStoreClient setting with
>>>> kerberized hive-site.xml.
>>>>
>>>> Any preconditions to met for the HiveMetaStoreClient to work correctly?
>>>>
>>>> On Thu, Jul 27, 2017 at 2:02 PM, wenxing zheng <wenxing.zh...@gmail.com
>>>> > wrote:
>>>>
>>>>> still didn't determine the root cause. And happened to find a JIRA
>>>>> related with my issue: https://issues.cloudera.org/browse/DISTRO-610.
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Jul 27, 2017 at 11:41 AM, wenxing zheng <
>>>>> wenxing.zh...@gmail.com> wrote:
>>>>>
>>>>>> Thanks to Shkti. Will have a try immediately.
>>>>>>
>>>>>> On Thu, Jul 27, 2017 at 11:15 AM, shakti singh Shekhawat <
>>>>>> shaktisingh.shekhawa...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Wenxing,
>>>>>>>
>>>>>>> We recently had the same GSS Tgt issue when we moved to a Kerberized
>>>>>>> cluster. The solution that worked for us was "Create a file to define
>>>>>>> Java
>>>>>>> krb5login and name it as jaas.conf or jaas.java". Jaas authentication
>>>>>>> makes
>>>>>>> Java applications independent of underlying authentication technology.
>>>>>>>
>>>>>>> Please refer the below link from Oracle (or search for "How to add
>>>>>>> jaas configuration" in Google to see the 1st link in case the below link
>>>>>>> does not work) for your application.
>>>>>>> http://docs.oracle.com/javase/7/docs/technotes/guides/securi
>>>>>>> ty/jgss/tutorials/LoginConfigFile.html
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Shakti Singh Shekhawat
>>>>>>>
>>>>>>> On Wed, Jul 26, 2017 at 10:42 PM wenxing zheng <
>>>>>>> wenxing.zh...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Dear all,
>>>>>>>>
>>>>>>>> We have a Hive in 2.1.1 and a web application running against the
>>>>>>>> Hive server. Before enabling the Kerberos, everything is OK. But after
>>>>>>>> enabling the Kerberos, it always failed to do the authentication.
>>>>>>>>
>>>>>>>> - web application runs with: Jetty, hive client version: 1.2.1
>>>>>>>> and JDK 1.7
>>>>>>>> - Hive runs with JDK 1.8
>>>>>>>> - but both JDKs are running with JCE jars.
>>>>>>>>
>>>>>>>>
>>>>>>>> Followings are the errors:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2017-07-27 10:29:16,622 INFO hive.metastore:Trying to connect to
>>>>>>>>> metastore with URI thrift://hdp-cli-01.dataservice.net:9083
>>>>>>>>> 2017-07-27 10:29:16,793 WARN
>>>>>>>>> org.apache.hadoop.util.NativeCodeLoader:Unable
>>>>>>>>> to load native-hadoop library for your platform... using builtin-java
>>>>>>>>> classes where applicable
>>>>>>>>> 2017-07-27 10:29:16,873 ERROR
>>>>>>>>> org.apache.thrift.transport.TSaslTransport:SASL
>>>>>>>>> negotiation failure
>>>>>>>>> javax.security.sasl.SaslException: GSS initiate failed [Caused by
>>>>>>>>> GSSException: No valid credentials provided (Mechanism level: Failed
>>>>>>>>> to
>>>>>>>>> find any Kerberos tgt)]
>>>>>>>>> at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChalleng
>>>>>>>>> e(GssKrb5Client.java:212)
>>>>>>>>> at org.apache.thrift.transport.TSaslClientTransport.handleSaslS
>>>>>>>>> tartMessage(TSaslClientTransport.java:94)
>>>>>>>>> at org.apache.thrift.transport.TSaslTransport.open(TSaslTranspo
>>>>>>>>> rt.java:271)
>>>>>>>>> at org.apache.thrift.transport.TSaslClientTransport.open(TSaslC
>>>>>>>>> lientTransport.java:37)
>>>>>>>>> at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1
>>>>>>>>> .run(TUGIAssumingTransport.java:52)
>>>>>>>>> at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1
>>>>>>>>> .run(TUGIAssumingTransport.java:49)
>>>>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>>>>>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>>>>>>>> upInformation.java:1657)
>>>>>>>>> at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.o
>>>>>>>>> pen(TUGIAssumingTransport.java:49)
>>>>>>>>> at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(Hi
>>>>>>>>> veMetaStoreClient.java:420)
>>>>>>>>> at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(
>>>>>>>>> HiveMetaStoreClient.java:236)
>>>>>>>>> at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(
>>>>>>>>> HiveMetaStoreClient.java:181)
>>>>>>>>> at com.taobao.zeus.store.CliTableManager.initClient(CliTableMan
>>>>>>>>> ager.java:60)
>>>>>>>>> at com.taobao.zeus.store.CliTableManager.<init>(CliTableManager
>>>>>>>>> .java:47)
>>>>>>>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>>>>>>>> Method)
>>>>>>>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance(Native
>>>>>>>>> ConstructorAccessorImpl.java:57)
>>>>>>>>> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(De
>>>>>>>>> legatingConstructorAccessorImpl.java:45)
>>>>>>>>> at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
>>>>>>>>> at org.springframework.beans.BeanUtils.instantiateClass(BeanUti
>>>>>>>>> ls.java:100)
>>>>>>>>> at org.springframework.beans.factory.support.SimpleInstantiatio
>>>>>>>>> nStrategy.instantiate(SimpleInstantiationStrategy.java:61)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory.instantiateBean(AbstractAutowireCapableBean
>>>>>>>>> Factory.java:877)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory.createBeanInstance(AbstractAutowireCapableB
>>>>>>>>> eanFactory.java:839)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFac
>>>>>>>>> tory.java:440)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.ja
>>>>>>>>> va:409)
>>>>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory.createBean(AbstractAutowireCapableBeanFacto
>>>>>>>>> ry.java:380)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y$1.getObject(AbstractBeanFactory.java:264)
>>>>>>>>> at org.springframework.beans.factory.support.DefaultSingletonBe
>>>>>>>>> anRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y.doGetBean(AbstractBeanFactory.java:261)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y.getBean(AbstractBeanFactory.java:185)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y.getBean(AbstractBeanFactory.java:164)
>>>>>>>>> at org.springframework.beans.factory.support.DefaultListableBea
>>>>>>>>> nFactory.findAutowireCandidates(DefaultListableBeanFactory.j
>>>>>>>>> ava:671)
>>>>>>>>> at org.springframework.beans.factory.support.DefaultListableBea
>>>>>>>>> nFactory.resolveDependency(DefaultListableBeanFactory.java:610)
>>>>>>>>> at org.springframework.beans.factory.annotation.AutowiredAnnota
>>>>>>>>> tionBeanPostProcessor$AutowiredFieldElement.inject(Autowired
>>>>>>>>> AnnotationBeanPostProcessor.java:412)
>>>>>>>>> at org.springframework.beans.factory.annotation.InjectionMetada
>>>>>>>>> ta.injectFields(InjectionMetadata.java:105)
>>>>>>>>> at org.springframework.beans.factory.annotation.AutowiredAnnota
>>>>>>>>> tionBeanPostProcessor.postProcessAfterInstantiation(Autowire
>>>>>>>>> dAnnotationBeanPostProcessor.java:240)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory.populateBean(AbstractAutowireCapableBeanFac
>>>>>>>>> tory.java:959)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFac
>>>>>>>>> tory.java:472)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.ja
>>>>>>>>> va:409)
>>>>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>>>>>>>> pableBeanFactory.createBean(AbstractAutowireCapableBeanFacto
>>>>>>>>> ry.java:380)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y$1.getObject(AbstractBeanFactory.java:264)
>>>>>>>>> at org.springframework.beans.factory.support.DefaultSingletonBe
>>>>>>>>> anRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y.doGetBean(AbstractBeanFactory.java:261)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y.getBean(AbstractBeanFactory.java:185)
>>>>>>>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>>>>>>>> y.getBean(AbstractBeanFactory.java:164)
>>>>>>>>> at org.springframework.beans.factory.support.DefaultListableBea
>>>>>>>>> nFactory.preInstantiateSingletons(DefaultListableBeanFactory
>>>>>>>>> .java:429)
>>>>>>>>> at org.springframework.context.support.AbstractApplicationConte
>>>>>>>>> xt.finishBeanFactoryInitialization(AbstractApplicationContex
>>>>>>>>> t.java:728)
>>>>>>>>> at org.springframework.context.support.AbstractApplicationConte
>>>>>>>>> xt.refresh(AbstractApplicationContext.java:380)
>>>>>>>>> at org.springframework.web.context.ContextLoader.createWebAppli
>>>>>>>>> cationContext(ContextLoader.java:255)
>>>>>>>>> at org.springframework.web.context.ContextLoader.initWebApplica
>>>>>>>>> tionContext(ContextLoader.java:199)
>>>>>>>>> at org.springframework.web.context.ContextLoaderListener.contex
>>>>>>>>> tInitialized(ContextLoaderListener.java:45)
>>>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.callContextI
>>>>>>>>> nitialized(ContextHandler.java:800)
>>>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.callContextI
>>>>>>>>> nitialized(ServletContextHandler.java:444)
>>>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext
>>>>>>>>> (ContextHandler.java:791)
>>>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext
>>>>>>>>> (ServletContextHandler.java:294)
>>>>>>>>> at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppCon
>>>>>>>>> text.java:1349)
>>>>>>>>> at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppCo
>>>>>>>>> ntext.java:1342)
>>>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(Cont
>>>>>>>>> extHandler.java:741)
>>>>>>>>> at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext
>>>>>>>>> .java:505)
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(Abs
>>>>>>>>> tractLifeCycle.java:68)
>>>>>>>>> at org.eclipse.jetty.deploy.bindings.StandardStarter.processBin
>>>>>>>>> ding(StandardStarter.java:41)
>>>>>>>>> at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCyc
>>>>>>>>> le.java:186)
>>>>>>>>> at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(De
>>>>>>>>> ploymentManager.java:498)
>>>>>>>>> at org.eclipse.jetty.deploy.DeploymentManager.addApp(Deployment
>>>>>>>>> Manager.java:146)
>>>>>>>>> at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileA
>>>>>>>>> dded(ScanningAppProvider.java:180)
>>>>>>>>> at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(
>>>>>>>>> WebAppProvider.java:440)
>>>>>>>>> at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fil
>>>>>>>>> eAdded(ScanningAppProvider.java:64)
>>>>>>>>> at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:609)
>>>>>>>>> at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.jav
>>>>>>>>> a:528)
>>>>>>>>> at org.eclipse.jetty.util.Scanner.scan(Scanner.java:391)
>>>>>>>>> at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:313)
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(Abs
>>>>>>>>> tractLifeCycle.java:68)
>>>>>>>>> at org.eclipse.jetty.deploy.providers.ScanningAppProvider.doSta
>>>>>>>>> rt(ScanningAppProvider.java:150)
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(Abs
>>>>>>>>> tractLifeCycle.java:68)
>>>>>>>>> at org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(
>>>>>>>>> DeploymentManager.java:560)
>>>>>>>>> at org.eclipse.jetty.deploy.DeploymentManager.doStart(Deploymen
>>>>>>>>> tManager.java:235)
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(Abs
>>>>>>>>> tractLifeCycle.java:68)
>>>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(Co
>>>>>>>>> ntainerLifeCycle.java:132)
>>>>>>>>> at org.eclipse.jetty.server.Server.start(Server.java:387)
>>>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(
>>>>>>>>> ContainerLifeCycle.java:114)
>>>>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(Abs
>>>>>>>>> tractHandler.java:61)
>>>>>>>>> at org.eclipse.jetty.server.Server.doStart(Server.java:354)
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(Abs
>>>>>>>>> tractLifeCycle.java:68)
>>>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguratio
>>>>>>>>> n.java:1255)
>>>>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>>> at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration
>>>>>>>>> .java:1174)
>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>>>>>>>> ssorImpl.java:57)
>>>>>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>>>>>>>> thodAccessorImpl.java:43)
>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>>>>> at org.eclipse.jetty.start.Main.invokeMain(Main.java:321)
>>>>>>>>> at org.eclipse.jetty.start.Main.start(Main.java:817)
>>>>>>>>> at org.eclipse.jetty.start.Main.main(Main.java:112)
>>>>>>>>> Caused by: GSSException: No valid credentials provided (Mechanism
>>>>>>>>> level: Failed to find any Kerberos tgt)
>>>>>>>>> at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5In
>>>>>>>>> itCredential.java:147)
>>>>>>>>> at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(
>>>>>>>>> Krb5MechFactory.java:121)
>>>>>>>>> at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(K
>>>>>>>>> rb5MechFactory.java:187)
>>>>>>>>> at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSMana
>>>>>>>>> gerImpl.java:223)
>>>>>>>>> at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextIm
>>>>>>>>> pl.java:212)
>>>>>>>>> at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextIm
>>>>>>>>> pl.java:179)
>>>>>>>>> at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChalleng
>>>>>>>>> e(GssKrb5Client.java:193)
>>>>>>>>> ... 94 more
>>>>>>>>
>>>>>>>>
>>>>>>>> Appreciated for your advice.
>>>>>>>> Kind Regards, Wenxing
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
