[ https://issues.apache.org/jira/browse/SENTRY-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalyan Kalvagadda updated SENTRY-2554:
--------------------------------------
Summary: TGT renewal is not retried if there are exceptions. (was: TGT
renewal is retried if there are exceptions.)
> TGT renewal is not retried if there are exceptions.
> ---------------------------------------------------
>
> Key: SENTRY-2554
> URL: https://issues.apache.org/jira/browse/SENTRY-2554
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Reporter: Kalyan Kalvagadda
> Assignee: Kalyan Kalvagadda
> Priority: Major
>
> It looks like there was an issue with the KDC server at some point in time.
> The error below shows the failure. Once Sentry gets a failure, it does not try
> to renew the certificate.
>
> A fix should be added to the Sentry code to retry renewing the TGT even after
> a login exception.
> {code:java}
> javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
> at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
> at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
> at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
> at org.apache.sentry.service.thrift.SentryKerberosContext.loginWithNewContext(SentryKerberosContext.java:69)
> at org.apache.sentry.service.thrift.SentryKerberosContext.run(SentryKerberosContext.java:125)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: KrbException: Client not found in Kerberos database (6)
> at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
> at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
> at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
> at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776)
> ... 20 more
> Caused by: KrbException: Identifier doesn't match expected value (906)
> at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
> at sun.security.krb5.internal.ASRep.init(ASRep.java:64)
> at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59)
> at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
> ... 23 more{code}
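A sketch of the retry behaviour the issue asks for, as an added example that is not Sentry's code or its eventual fix: the renewal task catches the login failure and reschedules itself with a shorter delay, so a single failed login cannot end the renewal cycle. The class `RetryingTgtRenewer`, the `KerberosLogin` hook and both intervals are hypothetical, and the failing login in `main` is constructed to imitate a temporary KDC problem.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.login.LoginException;

public class RetryingTgtRenewer implements Runnable {
    /** Hypothetical hook; a real service would wrap LoginContext.login() here. */
    interface KerberosLogin { void login() throws LoginException; }

    private final ScheduledExecutorService scheduler;
    private final KerberosLogin login;
    private final long renewMs;  // normal interval between renewals (assumed value)
    private final long retryMs;  // shorter interval used after a failure (assumed value)

    RetryingTgtRenewer(ScheduledExecutorService scheduler, KerberosLogin login,
                       long renewMs, long retryMs) {
        this.scheduler = scheduler;
        this.login = login;
        this.renewMs = renewMs;
        this.retryMs = retryMs;
    }

    @Override
    public void run() {
        long delay = renewMs;
        try {
            login.login();
            System.out.println("TGT renewed");
        } catch (LoginException | RuntimeException e) {
            // Never let the failure escape: log it and try again sooner.
            System.err.println("TGT renewal failed, retry in " + retryMs + " ms: " + e.getMessage());
            delay = retryMs;
        }
        try {
            scheduler.schedule(this, delay, TimeUnit.MILLISECONDS);
        } catch (RejectedExecutionException e) {
            // Scheduler was shut down; stop renewing.
        }
    }

    public static void main(String[] args) throws Exception {
        ScheduledExecutorService ses = Executors.newSingleThreadScheduledExecutor();
        AtomicInteger attempts = new AtomicInteger();
        // Constructed outage: the first two logins fail, later ones succeed.
        KerberosLogin flaky = () -> {
            if (attempts.incrementAndGet() <= 2)
                throw new LoginException("Client not found in Kerberos database (6)");
        };
        ses.execute(new RetryingTgtRenewer(ses, flaky, 1000, 100));
        Thread.sleep(500);
        ses.shutdownNow();
        System.out.println("login attempts: " + attempts.get());
    }
}
```

A production version would also cap or back off the retry interval and raise an alert after repeated failures, so that a principal that really is missing from the KDC is noticed before the current ticket expires.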