Hi,
We did not find any other logs. We have added "-Dsun.security.krb5.debug=true", even then there is no much information about the error. And also there are no logs about Phoenix trying to perform kerberos authentication in HBase logs as well as in Kerberos logs. The log shared in the earlier mail is the only information on error we have got. Thanks & Regards, Rohit R. K. ---- On Tue, 14 Mar 2017 20:50:30 +0530 Josh Elser <[email protected]> wrote ---- When you provide the principal and keytab options in the JDBC URL, the ticket cache (created by your kinit invocation) is not used. What does the other logging say from your client? You should see a message about Phoenix performing a Kerberos login given the information you provided. rohitrk.10 wrote: > Hi, > > We are trying to connect to HBase in secure cluster using the following > command as mentioned in the website, > ./sqlline.py <Zookeeper_Node_Hostname>:5181:/hbase:<Principal>:<keytab>. > > Hadoop version is MapR 5.2, HBase ver. 1.1.1 and Phoenix ver. 4.8.1 for > HBase 1.1.1. > > We have executed "kinit -kt <keytab> <principal>" command on all nodes > before starting Phoenix but even then we are not able to connect. > Following is the error log displayed, > > ERROR: > ------ > 17/03/08 16:29:41 WARN ipc.AbstractRpcClient: Exception encountered > while connecting to the server : javax.security.sasl.SaslException: GSS > initiate failed [Caused by GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos tgt)] > 17/03/08 16:29:41 FATAL ipc.AbstractRpcClient: SASL authentication > failed. The most likely cause is missing or invalid credentials. > Consider 'kinit'. > javax.security.sasl.SaslException: GSS initiate failed [Caused by > GSSException: No valid credentials provided (Mechanism level: Failed to > find any Kerberos tgt)] > at > com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212) > at > org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:179) > at > org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClientImpl.java:612) > at > org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.java:157) > at > org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:738) > at > org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:735) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:415) > at > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657) > at > org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupIOstreams(RpcClientImpl.java:735) > at > org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.writeRequest(RpcClientImpl.java:897) > at > org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.tracedWriteRequest(RpcClientImpl.java:866) > at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1209) > at > org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:217) > at > org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:318) > at > org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:32831) > at > org.apache.hadoop.hbase.client.ScannerCallable.openScanner(ScannerCallable.java:373) > at > org.apache.hadoop.hbase.client.ScannerCallable.call(ScannerCallable.java:200) > at > org.apache.hadoop.hbase.client.ScannerCallable.call(ScannerCallable.java:62) > at > org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithoutRetries(RpcRetryingCaller.java:200) > at > org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:350) > at > org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:324) > at > org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126) > at > org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:64) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > Caused by: GSSException: No valid credentials provided (Mechanism level: > Failed to find any Kerberos tgt) > at > sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) > at > sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121) > at > sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) > at > sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223) > at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) > at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) > at > com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193) > ... 26 more > > > Thanks & Regards, > Rohit R. K. >
