[
https://issues.apache.org/jira/browse/PHOENIX-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15227821#comment-15227821
]
Ankit Singhal commented on PHOENIX-2817:
----------------------------------------
Yes, I'm also fine with this too.
Let me commit this. Thanks [~sergey.soldatov] for the fix.
> Phoenix-Spark plugin doesn't work in secured env
> ------------------------------------------------
>
> Key: PHOENIX-2817
> URL: https://issues.apache.org/jira/browse/PHOENIX-2817
> Project: Phoenix
> Issue Type: Bug
> Affects Versions: 4.4.0, 4.7.0
> Reporter: Sergey Soldatov
> Assignee: Sergey Soldatov
> Fix For: 4.8.0
>
> Attachments: PHOENIX-2817-1.patch, PHOENIX-2817-2.patch,
> PHOENIX-2817-3.patch
>
>
> When phoenix spark plugin is used with secured setup any attempt to perform
> operation with PhoenixRDD cause an exception :
> {noformat}
> Caused by: java.io.IOException: Login failure for 2181 from keytab /hbase:
> javax.security.auth.login.LoginException: Unable to obtain password from user
> at
> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
> at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:275)
> at
> org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
> at org.apache.hadoop.hbase.security.User.login(User.java:253)
> at
> org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:282)
> ... 107 more
> Caused by: javax.security.auth.login.LoginException: Unable to obtain
> password from user
> at
> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
> at
> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
> at
> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
> at
> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
> ... 111 more
> {noformat}
> The reason is the how zkUrl is handled in PhoenixRDD:
> {noformat}
> config.set(HConstants.ZOOKEEPER_QUORUM, url )
> {noformat}
> At the same time the {{ConnectionUtil.getInputConnection}} expects to see all
> parameters (quorum address, port, znodeParent) in different Configuration
> properties. As the result it gets default values for port and znodeParent and
> adds it to the provided url, so the {{PhoenixEmbededDriver.create}} receives
> something like that:
> {noformat}
> jdbc:phoenix:quorum:2181:/hbase-secure:2181:/hbase
> {noformat}
> and consider 2 fields as kerberos principal and keytab.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
