Just checking.. is that full log? Does the principal name have the
_HOST portion in it?
On Wed, Feb 11, 2015 at 5:24 PM, Jiten Gore <ji...@gores.net> wrote:
> Thanks Mikhail. Yes it has been so installed.
>
> We downloaded the JCE unlimited encryption jar files and replaced the
> existing jre jar files. Is there any thing else that we need to do?
>
> Sent from my iPhone
>
>> On Feb 11, 2015, at 5:08 PM, Mikhail Antonov <olorinb...@gmail.com> wrote:
>>
>> Does your java app has JCE installed with unlimited encryption strength?
>>
>> -Mikhail
>>
>>> On Wed, Feb 11, 2015 at 4:52 PM, Jiten Gore <ji...@gores.net> wrote:
>>> Hi Dima,
>>>
>>> Thanks for the prompt response.
>>>
>>> Here's what we are doing and the error we are seeing:
>>>
>>> Code:
>>> System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
>>> final Configuration hBaseConfig = HBaseConfiguration.create();
>>> hBaseConfig.setInt("timeout", 120000);
>>> hBaseConfig.set("hbase.zookeeper.quorum", "*************");
>>> hBaseConfig.set("hbase.zookeeper.property.clientPort", "2181");
>>> hBaseConfig.set("hadoop.security.authentication", "kerberos");
>>> hBaseConfig.set("hbase.security.authentication", "kerberos");
>>> hBaseConfig.set("hbase.master.kerberos.principal", "*****************");
>>> hBaseConfig.set("hbase.regionserver.kerberos.principal",
>>> "*******************");
>>> hBaseConfig.set("hbase.master.keytab.file", "hbase.keytab");
>>> hBaseConfig.set("hbase.regionserver.keytab.file", "hbase.keytab");
>>> UserGroupInformation.setConfiguration(hBaseConfig);
>>>
>>> UserGroupInformation ugi =
>>> UserGroupInformation.loginUserFromKeytabAndReturnUGI("principle_name",
>>> "user.keytab");
>>>
>>>
>>>
>>> Error:
>>>
>>> Exception in thread "main" java.io.IOException: Login failure for
>>> <PRINCIPAL_NAME> from keytab
>>> at
>>> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1008)
>>> at Kerberos.KerberosAuthentication.App.hbase(App.java:32)
>>> at Kerberos.KerberosAuthentication.App.main(App.java:15)
>>> Caused by: javax.security.auth.login.LoginException: null (68)
>>> at
>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:763)
>>> at
>>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at
>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
>>> at
>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>>> at
>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
>>> at
>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at
>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
>>> at
>>> javax.security.auth.login.LoginContext.login(LoginContext.java:595)
>>> at
>>> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:997)
>>> ... 2 more
>>> Caused by: KrbException: null (68)
>>> at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
>>> at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319)
>>> at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364)
>>> at
>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:735)
>>> ... 15 more
>>> Caused by: KrbException: Identifier doesn't match expected value (906)
>>> at sun.security.krb5.internal.KDCRep.init(KDCRep.java:143)
>>> at sun.security.krb5.internal.ASRep.init(ASRep.java:65)
>>> at sun.security.krb5.internal.ASRep.<init>(ASRep.java:60)
>>> at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
>>> Sent from my iPhone
>>>
>>>> On Feb 11, 2015, at 10:56 AM, Dima Spivak <dspi...@cloudera.com> wrote:
>>>>
>>>> Hey Jiten,
>>>>
>>>> Have you followed the steps outlined in
>>>> http://hbase.apache.org/book.html#hbase.secure.configuration ? What issues
>>>> are you seeing?
>>>>
>>>> -Dima
>>>>
>>>>> On Wed, Feb 11, 2015 at 12:49 PM, Jiten Gore <ji...@gores.net> wrote:
>>>>>
>>>>> We are having difficulties connecting with our Java application to our
>>>>> Kerberized HBase cluster. We are using a keytab file to authenticate.
>>>>>
>>>>> Has anyone successfully connected this way? If you have and can help,
>>>>> please let me know. I can share details about the issue.
>>>>>
>>>>> Best Regards,
>>>>> Jiten
>>>>>
>>>>> Sent from my iPhone
>>
>>
>>
>> --
>> Thanks,
>> Michael Antonov
>>
--
Thanks,
Michael Antonov
