[
https://issues.apache.org/jira/browse/PHOENIX-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15446611#comment-15446611
]
ASF GitHub Bot commented on PHOENIX-3216:
-----------------------------------------
Github user dbahir commented on the issue:
https://github.com/apache/phoenix/pull/203
If you look at
https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java
you can see that this class is not thread safe and not designed to have
different users login in the same JVM as loginUser is defined in this way.
private static UserGroupInformation loginUser = null;
> Kerberos ticket is not renewed when using Kerberos authentication with
> Phoenix JDBC driver
> ------------------------------------------------------------------------------------------
>
> Key: PHOENIX-3216
> URL: https://issues.apache.org/jira/browse/PHOENIX-3216
> Project: Phoenix
> Issue Type: Bug
> Affects Versions: 4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.5.2, 4.8.0
> Environment: Kerberized
> Reporter: Dan Bahir
> Assignee: Dan Bahir
> Fix For: 4.9.0, 4.8.1
>
>
> When using Phoenix jdbc driver in a Kerberized environment and logging in
> with a keytab is not automatically renewed.
> Expected:The ticket will be automatically renewed and the Phoenix driver will
> be able to write to the database.
> Actual: The ticket is not renewed and driver loses access to the database.
> 2016-08-15 00:00:59.738 WARN AbstractRpcClient
> [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - Exception
> encountered
> while connecting to the server : javax.security.sasl.Sa
> slException: GSS initiate failed [Caused by GSSException: No valid
> credentials
> provided (Mechanism level: Failed to find any Kerberos tgt)]
> 2016-08-15 00:00:59.739 ERROR AbstractRpcClient
> [hconnection-0x4763c727-metaLookup-shared--pool1-t686] - SASL authentication
> failed. The most likely cause is missing or invalid crede
> ntials. Consider 'kinit'.
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException:
> No valid credentials provided (Mechanism level: Failed to find any Kerberos
> tgt)]
> at
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java
> :211)
> at
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClie
> nt.java:179)
> at
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClie
> ntImpl.java:611)
> at
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.ja
> va:156)
> at
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
> 7)
> at
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:73
> 4)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.ja
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
