Balu Vellanki created FALCON-2025:
-------------------------------------
Summary: Periodic revalidation of kerberos credentials should be
done on loginUser
Key: FALCON-2025
URL: https://issues.apache.org/jira/browse/FALCON-2025
Project: Falcon
Issue Type: Bug
Reporter: Balu Vellanki
Assignee: Balu Vellanki
Fix For: trunk, 0.10
For some users, Falcon server fails to perform any operations on workflow
engine after the kerberos credentials expire. Falcon server periodically
revalidates the credentials from keytab saying
ugi.checkTGTAndReloginFromKeytab(), but this operation will not work when ugi
belongs to proxy user. The relogin should be done on
UserGroupInformation.getLoginUser() for the falcon credentials to be renewed.
The error looks as follows.
{code}
falcon instance -list -type process -name procName
log4j:WARN No appenders could be found for logger
(org.apache.hadoop.security.authentication.client.KerberosAuthenticator).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more
info.
ERROR: Bad
Request;default/org.apache.falcon.FalconWebException::org.apache.falcon.FalconException:
java.io.IOException: Failed on local exception: java.io.IOException:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException:
No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt)]; Host Details : local host is: "machine.test.group/<IP Addr>";
destination host is: "machine.test.group":8020;
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
