[jira] [Closed] (FALCON-954) Secure Kerberos setup : Falcon should periodically revalidate auth token.

Ajay Yadava (JIRA) Fri, 24 Apr 2015 08:51:13 -0700

     [ 
https://issues.apache.org/jira/browse/FALCON-954?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ajay Yadava closed FALCON-954.
------------------------------

> Secure Kerberos setup : Falcon should periodically revalidate auth token.
> -------------------------------------------------------------------------
>
>                 Key: FALCON-954
>                 URL: https://issues.apache.org/jira/browse/FALCON-954
>             Project: Falcon
>          Issue Type: Bug
>    Affects Versions: 0.6
>            Reporter: Balu Vellanki
>            Assignee: Balu Vellanki
>            Priority: Critical
>              Labels: falcon-syncup
>             Fix For: 0.7
>
>         Attachments: FALCON-954-v1.patch, FALCON-954-v2.patch, 
> FALCON-954.patch
>
>
> If the credentials are not validated regularly, entity actions like schedule, 
> update and delete will fail with the following exception.
> {code}
> org.apache.falcon.FalconException: AUTHENTICATION : AUTHENTICATION : 
> java.lang.reflect.UndeclaredThrowableException
>       at 
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.getJobDetails(OozieWorkflowEngine.java:1328)
>       at 
> org.apache.falcon.service.FalconTopicSubscriber.onMessage(FalconTopicSubscriber.java:100)
>       at 
> org.apache.activemq.ActiveMQMessageConsumer.dispatch(ActiveMQMessageConsumer.java:1229)
>       at 
> org.apache.activemq.ActiveMQSessionExecutor.dispatch(ActiveMQSessionExecutor.java:134)
>       at 
> org.apache.activemq.ActiveMQSessionExecutor.iterate(ActiveMQSessionExecutor.java:205)
>       at 
> org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:122)
>       at 
> org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:43)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:744)
> Caused by: AUTHENTICATION : AUTHENTICATION : 
> java.lang.reflect.UndeclaredThrowableException
>       at 
> org.apache.oozie.client.ProxyOozieClient.getJobInfo(ProxyOozieClient.java:306)
>       at 
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.getJobDetails(OozieWorkflowEngine.java:1317)
>       ... 9 more
> Caused by: AUTHENTICATION : java.lang.reflect.UndeclaredThrowableException
>       at 
> org.apache.oozie.client.ProxyOozieClient.getJobInfo(ProxyOozieClient.java:321)
>       at org.apache.oozie.client.OozieClient.getJobInfo(OozieClient.java:780)
>       at 
> org.apache.oozie.client.ProxyOozieClient.access$1201(ProxyOozieClient.java:48)
>       at 
> org.apache.oozie.client.ProxyOozieClient$12.call(ProxyOozieClient.java:302)
>       at 
> org.apache.oozie.client.ProxyOozieClient$12.call(ProxyOozieClient.java:299)
>       at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
>       at 
> org.apache.oozie.client.ProxyOozieClient.getJobInfo(ProxyOozieClient.java:299)
>       ... 10 more
> Caused by: java.lang.reflect.UndeclaredThrowableException
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1609)
>       at 
> org.apache.oozie.client.ProxyOozieClient.createConnection(ProxyOozieClient.java:87)
>       at 
> org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:478)
>       at org.apache.oozie.client.OozieClient.getJobInfo(OozieClient.java:802)
>       at 
> org.apache.oozie.client.ProxyOozieClient.access$1301(ProxyOozieClient.java:48)
>       at 
> org.apache.oozie.client.ProxyOozieClient$13.call(ProxyOozieClient.java:317)
>       at 
> org.apache.oozie.client.ProxyOozieClient$13.call(ProxyOozieClient.java:314)
>       at org.apache.oozie.client.OozieClient.doAs(OozieClient.java:191)
>       at 
> org.apache.oozie.client.ProxyOozieClient.getJobInfo(ProxyOozieClient.java:314)
>       ... 16 more
> Caused by: AUTHENTICATION : Could not authenticate, GSSException: No valid 
> credentials provided (Mechanism level: Failed to find any Kerberos tgt)
>       at 
> org.apache.oozie.client.AuthOozieClient.createTokenBasedAuthConnection(AuthOozieClient.java:156)
>       at 
> org.apache.oozie.client.AuthOozieClient.createConnection(AuthOozieClient.java:209)
>       at 
> org.apache.oozie.client.ProxyOozieClient.access$001(ProxyOozieClient.java:48)
>       at 
> org.apache.oozie.client.ProxyOozieClient$1.run(ProxyOozieClient.java:89)
>       at 
> org.apache.oozie.client.ProxyOozieClient$1.run(ProxyOozieClient.java:87)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:415)
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1594)
>       ... 24 more
> Caused by: 
> org.apache.hadoop.security.authentication.client.AuthenticationException: 
> GSSException: No valid credentials provided (Mechanism level: Failed to find 
> any Kerberos tgt)
>       at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:306)
>       at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:196)
>       at 
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:232)
>       at 
> org.apache.oozie.client.AuthOozieClient.createTokenBasedAuthConnection(AuthOozieClient.java:148)
>       ... 31 more
> Caused by: GSSException: No valid credentials provided (Mechanism level: 
> Failed to find any Kerberos tgt)
>       at 
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>       at 
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)
>       at 
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>       at 
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223)
>       at 
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
>       at 
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
>       at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:285)
>       at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:261)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:415)
>       at 
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:261)
>       ... 34 more
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (FALCON-954) Secure Kerberos setup : Falcon should periodically revalidate auth token.

Reply via email to