Thanks Akhilesh/Mujtaba for your suggestions. Adding core-site.xml from the target cluster to the class path resolved the issue. We initially only had hbase and hdfs site xmls in the class path. Is there a way to set the hbase/core site properties in the code instead of copying the config xmls to the class path.
On Tue, Dec 8, 2015 at 1:39 PM, Mujtaba Chohan <mujt...@apache.org> wrote: > Add the following java parameter to connect to secure cluster: > -Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf > -Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction > are at > > http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html > . > > > //mujtaba > > On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bijuatapa...@gmail.com> wrote: > > > Hi There, > > We are trying to connect to a secure HBase/Phoenix cluster through > > Phoenix JDBC using a kerberos Keytab and Principal. Using the same Keytab > > and principal we are able to connect successfully to HBase through HBase > > APIs but the connection request fails when making the Phoenix JDBC > > connection. > > > > The JDBC connection string used is of the format > > > > "jdbc:phoenix:zkquorum:/hbase:princi...@realm.com:keytab-file-path" > > > > and the following is the exception. If any pointers to what could be the > > cause for this exception that would be helpful. We are using Phoenix 4.2 > > against hbase 98.x. > > > > 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL > > authentication failed. The most likely cause is missing or invalid > > credentials. Consider 'kinit'. > > javax.security.sasl.SaslException: GSS initiate failed [Caused by > > GSSException: No valid credentials provided (Mechanism level: Failed to > > find any Kerberos tgt)] > > at > > > > > com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) > > at > > > > > org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177) > > at > > > > > org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815) > > at > > > > > org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349) > > at > > > org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943) > > at > > > org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940) > > at java.security.AccessController.doPrivileged(Native Method) > > at javax.security.auth.Subject.doAs(Subject.java:422) > > at > > > > > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628) > > at > > > > > org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940) > > at > > > > > org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094) > > at > > > > > org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061) > > at > org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516) > > at > > > > > org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724) > > at > > > > > org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777) > > at > > > > > org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561) > > at > > > > > org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664) > > at > > > > > org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573) > > at > > > > > org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599) > > at > > > > > org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653) > > at > > > > > org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860) > > at > > > > > org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363) > > at > > > > > org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125) > > at > > > > > org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390) > > at > > > > > org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408) > > at > > > > > org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429) > > at > > > > > org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759) > > at > > > > > org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104) > > at > > > > > org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110) > > at > > > > > org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527) > > at > > > > > org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535) > > at > > > > > org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184) > > at > > > org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260) > > at > > > org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252) > > at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53) > > at > > > > > org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250) > > at > > > > > org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026) > > at > > > > > org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529) > > at > > > > > org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498) > > at > > > > > org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77) > > at > > > > > org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498) > > at > > > > > org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162) > > at > > > > > org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126) > > at > > org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133) > > at java.sql.DriverManager.getConnection(DriverManager.java:664) > > at java.sql.DriverManager.getConnection(DriverManager.java:270) > > at > com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40) > > Caused by: GSSException: No valid credentials provided (Mechanism level: > > Failed to find any Kerberos tgt) > > at > > > > > sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) > > at > > > > > sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) > > at > > > > > sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) > > at > > > > > sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224) > > at > > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) > > at > > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) > > at > > > > > com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) > > ... 46 more > > >
