We have cluster with 1 Master and 2 Region Servers(RS1, RS2) with principle principle1/[email protected]<mailto:principle1/[email protected]> Master and region server have the same principle as above.
We changed the RS2 principle as principle2/[email protected]<mailto:principle2/[email protected]> in hbase-site.xml of RS2 machine and restarted the Region Server, We observed the below exception in the region server RS2 log as below, My doubt is is hbase supports different principle for each region server or not, or the below is an issue. Hbase version: 0.98.3 & Hadoop version: 2.4.1 Region Server RS2 Log: 2014-07-25 20:12:27,020 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: Created SASL server with mechanism = GSSAPI 2014-07-25 20:12:27,020 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: Have read input token of size 599 for processing by saslServer.evaluateResponse() 2014-07-25 20:12:27,024 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: RpcServer.responder: callId: -33 wrote 64 bytes. 2014-07-25 20:12:27,024 WARN [RpcServer.reader=1,port=60020] ipc.RpcServer: RpcServer.listener,port=60020: count of bytes read: 0 javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)] at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:159) at org.apache.hadoop.hbase.ipc.RpcServer$Connection.saslReadAndProcess(RpcServer.java:1323) at org.apache.hadoop.hbase.ipc.RpcServer$Connection.readAndProcess(RpcServer.java:1509) at org.apache.hadoop.hbase.ipc.RpcServer$Listener.doRead(RpcServer.java:798) at org.apache.hadoop.hbase.ipc.RpcServer$Listener$Reader.doRunLoop(RpcServer.java:589) at org.apache.hadoop.hbase.ipc.RpcServer$Listener$Reader.run(RpcServer.java:564) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:137) ... 8 more Caused by: KrbException: Checksum failed at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:85) at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:77) at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:268) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134) at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724) ... 11 more Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:431) at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:254) at sun.security.krb5.internal.crypto.Aes256.decrypt(Aes256.java:59) at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:83) ... 17 more 2014-07-25 20:12:27,026 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: RpcServer.listener,port=60020: DISCONNECTING client XX.XX.XX.XX:58627 because read count=-1. Number of active connections: 1 2014-07-25 20:12:27,026 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: The connection from user: Unknown will be closed. 2014-07-25 20:12:30,584 DEBUG [RpcServer.listener,port=60020] ipc.RpcServer: RpcServer.listener,port=60020: connection from XX.XX.XX.XX:58633; # active connections: 1 2014-07-25 20:12:30,586 DEBUG [RpcServer.reader=2,port=60020] ipc.RpcServer: Kerberos principal name is principle2/[email protected] 2014-07-25 20:12:30,588 DEBUG [RpcServer.reader=2,port=60020] ipc.RpcServer: Created SASL server with mechanism = GSSAPI Regards -Shankar [X] This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! [X]
