Just checking.. is that full log? Does the principal name have the _HOST portion in it?
On Wed, Feb 11, 2015 at 5:24 PM, Jiten Gore <ji...@gores.net> wrote: > Thanks Mikhail. Yes it has been so installed. > > We downloaded the JCE unlimited encryption jar files and replaced the > existing jre jar files. Is there any thing else that we need to do? > > Sent from my iPhone > >> On Feb 11, 2015, at 5:08 PM, Mikhail Antonov <olorinb...@gmail.com> wrote: >> >> Does your java app has JCE installed with unlimited encryption strength? >> >> -Mikhail >> >>> On Wed, Feb 11, 2015 at 4:52 PM, Jiten Gore <ji...@gores.net> wrote: >>> Hi Dima, >>> >>> Thanks for the prompt response. >>> >>> Here's what we are doing and the error we are seeing: >>> >>> Code: >>> System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); >>> final Configuration hBaseConfig = HBaseConfiguration.create(); >>> hBaseConfig.setInt("timeout", 120000); >>> hBaseConfig.set("hbase.zookeeper.quorum", "*************"); >>> hBaseConfig.set("hbase.zookeeper.property.clientPort", "2181"); >>> hBaseConfig.set("hadoop.security.authentication", "kerberos"); >>> hBaseConfig.set("hbase.security.authentication", "kerberos"); >>> hBaseConfig.set("hbase.master.kerberos.principal", "*****************"); >>> hBaseConfig.set("hbase.regionserver.kerberos.principal", >>> "*******************"); >>> hBaseConfig.set("hbase.master.keytab.file", "hbase.keytab"); >>> hBaseConfig.set("hbase.regionserver.keytab.file", "hbase.keytab"); >>> UserGroupInformation.setConfiguration(hBaseConfig); >>> >>> UserGroupInformation ugi = >>> UserGroupInformation.loginUserFromKeytabAndReturnUGI("principle_name", >>> "user.keytab"); >>> >>> >>> >>> Error: >>> >>> Exception in thread "main" java.io.IOException: Login failure for >>> <PRINCIPAL_NAME> from keytab >>> at >>> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1008) >>> at Kerberos.KerberosAuthentication.App.hbase(App.java:32) >>> at Kerberos.KerberosAuthentication.App.main(App.java:15) >>> Caused by: javax.security.auth.login.LoginException: null (68) >>> at >>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:763) >>> at >>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >>> at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>> at java.lang.reflect.Method.invoke(Method.java:606) >>> at >>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) >>> at >>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) >>> at >>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) >>> at >>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) >>> at >>> javax.security.auth.login.LoginContext.login(LoginContext.java:595) >>> at >>> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:997) >>> ... 2 more >>> Caused by: KrbException: null (68) >>> at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76) >>> at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319) >>> at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364) >>> at >>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:735) >>> ... 15 more >>> Caused by: KrbException: Identifier doesn't match expected value (906) >>> at sun.security.krb5.internal.KDCRep.init(KDCRep.java:143) >>> at sun.security.krb5.internal.ASRep.init(ASRep.java:65) >>> at sun.security.krb5.internal.ASRep.<init>(ASRep.java:60) >>> at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60) >>> Sent from my iPhone >>> >>>> On Feb 11, 2015, at 10:56 AM, Dima Spivak <dspi...@cloudera.com> wrote: >>>> >>>> Hey Jiten, >>>> >>>> Have you followed the steps outlined in >>>> http://hbase.apache.org/book.html#hbase.secure.configuration ? What issues >>>> are you seeing? >>>> >>>> -Dima >>>> >>>>> On Wed, Feb 11, 2015 at 12:49 PM, Jiten Gore <ji...@gores.net> wrote: >>>>> >>>>> We are having difficulties connecting with our Java application to our >>>>> Kerberized HBase cluster. We are using a keytab file to authenticate. >>>>> >>>>> Has anyone successfully connected this way? If you have and can help, >>>>> please let me know. I can share details about the issue. >>>>> >>>>> Best Regards, >>>>> Jiten >>>>> >>>>> Sent from my iPhone >> >> >> >> -- >> Thanks, >> Michael Antonov >> -- Thanks, Michael Antonov