Re: Processor using Kerberos keytab auth - can't renew TGT

Hmm, so it seems updating the Hadoop version used by my processor from 2.6.0 to 2.7.3 has fixed the problem. Testing a little more just to make sure... On 14 July 2017 at 14:48, Georg Heiler wrote: > We just applied the standard fix to enable the JCE extensions i.e.

Re: Processor using Kerberos keytab auth - can't renew TGT

We just applied the standard fix to enable the JCE extensions i.e. copied the files into the right place. I was on vacation last week but it looked like the fix we had been searching for for a while. We were still conducting some more testing to see if this actually fixed the problem. But without

Re: Processor using Kerberos keytab auth - can't renew TGT

Hi Georg, I am indeed using open-jdk8 on CentOS 7.3, but I'm not sure why my standalone app is ok, whereas the same code in NiFi isn't. How did you fix the JCE policies? I'm guessing it is something to do with the shared UserGroupInformation class. Which makes me wonder how (if) it will work

Re: Processor using Kerberos keytab auth - can't renew TGT

Hi Joe, we recently had a similar problem. For us it turned out that we are using the latest open-jdk8 which no longer is providing the JCE policies required for strong cryptography out of the box on cents 7.3. regards, Georg Joe Witt schrieb am Fr., 14. Juli 2017 um 15:12

Re: Processor using Kerberos keytab auth - can't renew TGT

James, I know Jeff Storck has recently been doing some work around Kerberos/TGT renewal. Hopefully he can share some of his observations/work back on this thread soon. Thanks On Fri, Jul 14, 2017 at 8:48 AM, James Srinivasan wrote: > Hi all, > > I have a NiFi

Processor using Kerberos keytab auth - can't renew TGT

Hi all, I have a NiFi processor which uses Kerberos keytab authentication to write data to Accumulo. I have a separate thread which periodically runs in order to try renewing my TGT (UserGroupInformation.getCurrentUser.checkTGTAndReloginFromKeytab()). This code works fine outside NiFi, but