[jira] [Resolved] (FALCON-2025) Periodic revalidation of kerberos credentials should be done on loginUser

Tue, 14 Jun 2016 14:14:10 -0700 

     [ 
https://issues.apache.org/jira/browse/FALCON-2025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Balu Vellanki resolved FALCON-2025.
-----------------------------------
    Resolution: Fixed

Fixed by 
https://github.com/apache/falcon/commit/00a07d561fdee4aba5be24cfe841c438b17a0e69
 , closed pull request

> Periodic revalidation of kerberos credentials should be done on loginUser
> -------------------------------------------------------------------------
>
>                 Key: FALCON-2025
>                 URL: https://issues.apache.org/jira/browse/FALCON-2025
>             Project: Falcon
>          Issue Type: Bug
>            Reporter: Balu Vellanki
>            Assignee: Balu Vellanki
>             Fix For: trunk, 0.10
>
>
> For some users, Falcon server fails to perform any operations on workflow 
> engine after the kerberos credentials expire. Falcon server revalidates the 
> credentials from keytab on access saying ugi.checkTGTAndReloginFromKeytab(), 
> but this operation will not work when ugi belongs to proxy user. The relogin 
> should be done on UserGroupInformation.getLoginUser() for the falcon 
> credentials to be renewed. 
> Also, there is a periodic relogin thread which just needed to call the 
> checkTGTAndRelogin alone instead of trampling Subject.
> The error looks as follows.
> {code}
> falcon instance -list -type process -name procName 
> log4j:WARN No appenders could be found for logger 
> (org.apache.hadoop.security.authentication.client.KerberosAuthenticator). 
> log4j:WARN Please initialize the log4j system properly. 
> log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more 
> info. 
> ERROR: Bad 
> Request;default/org.apache.falcon.FalconWebException::org.apache.falcon.FalconException:
>  java.io.IOException: Failed on local exception: java.io.IOException: 
> javax.security.sasl.SaslException: GSS initiate failed [Caused by 
> GSSException: No valid credentials provided (Mechanism level: Failed to find 
> any Kerberos tgt)]; Host Details : local host is: "machine.test.group/<IP 
> Addr>"; destination host is: "machine.test.group":8020; 
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to