Hi Mallieswari, Perhaps the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are not installed in all the JVMs ?
Regards, rafa On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu < dmalliesw...@gmail.com> wrote: > Hi , > > > > I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin" > to Hbase version "1.2.5" in kerberos cluster. > > > > For phoenix secure cluster configuration, I have added the following > properties into the *hbase-site.xml* present in *phoenix/bin* along with > the properties of hbase configuration properties present in hbase/conf path > and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin path > > > > phoenix.queryserver.keytab.file > > The key to look for keytab file. > > *unset* > > phoenix.queryserver.kerberos.principal > > The kerberos principal to use when authenticating. > > *unset* > > Phoenix Query Server: > > > > Once updated a above properties query server has been started successfully > using keytab. > > > > *Command to Server:* > > *python queryserver.py* > > > > Phoenix Client: > > > > Once the query server is started successfully then the port no 8765 comes > to live. When i try to connect client with following command it returns GSS > Exception. Am I missing any steps in configuration. > > > > > > *Command to Client:* > > Following are the methods i tried to connect in secure cluster it does not > works. > > > > *Method 1:* python sqlline-thin.py http://hostname:8765 > > *Method 2:* > > python sqlthin-client.py http://hostname:8765;authentication=SPNEGO; > principal=phoenix/org...@xxxxxx.xxxxx.com;keytab=C:\\ > path\\to\\HadoopKeyTabs\\\phoenix.keytab > <http://hostname:8765;authentication=SPNEGO;principal=phoenix/org...@xxxxxx.xxxxx.com;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab> > > > > > > *CLIENT SIDE ERROR:* > > x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765 > > Failed to find hbase executable on PATH, defaulting serialization to > PROTOBUF. > > [ERROR] Terminal initialization failed; falling back to unsupported > > java.lang.NoClassDefFoundError: Could not initialize class > org.apache.phoenix.sh > > aded.org.fusesource.jansi.internal.Kernel32 > > at org.apache.phoenix.shaded.org.fusesource.jansi.internal. > WindowsSuppor > > t.getConsoleMode(WindowsSupport.java:50) > > at org.apache.phoenix.shaded.jline.WindowsTerminal. > getConsoleMode(Window > > sTerminal.java:177) > > at org.apache.phoenix.shaded.jline.WindowsTerminal.init( > WindowsTerminal. > > java:80) > > at org.apache.phoenix.shaded.jline.TerminalFactory.create( > TerminalFactor > > y.java:101) > > at org.apache.phoenix.shaded.jline.TerminalFactory.get( > TerminalFactory.j > > ava:159) > > at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45) > > at sqlline.SqlLine.<init>(SqlLine.java:55) > > at sqlline.SqlLine.start(SqlLine.java:397) > > at sqlline.SqlLine.main(SqlLine.java:291) > > at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run( > SqllineWra > > pper.java:88) > > at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run( > SqllineWra > > pper.java:85) > > at java.security.AccessController.doPrivileged(Native Method) > > at javax.security.auth.Subject.doAs(Subject.java:415) > > at org.apache.hadoop.security.UserGroupInformation.doAs( > UserGroupInforma > > tion.java:1657) > > at org.apache.phoenix.queryserver.client.SqllineWrapper.main( > SqllineWrap > > per.java:85) > > > > [ERROR] Terminal initialization failed; falling back to unsupported > > java.lang.NoClassDefFoundError: Could not initialize class > org.apache.phoenix.sh > > aded.org.fusesource.jansi.internal.Kernel32 > > at org.apache.phoenix.shaded.org.fusesource.jansi.internal. > WindowsSuppor > > t.getConsoleMode(WindowsSupport.java:50) > > at org.apache.phoenix.shaded.jline.WindowsTerminal. > getConsoleMode(Window > > sTerminal.java:177) > > at org.apache.phoenix.shaded.jline.WindowsTerminal.init( > WindowsTerminal. > > java:80) > > at org.apache.phoenix.shaded.jline.TerminalFactory.create( > TerminalFactor > > y.java:101) > > at sqlline.SqlLine.getConsoleReader(SqlLine.java:723) > > at sqlline.SqlLine.begin(SqlLine.java:657) > > at sqlline.SqlLine.start(SqlLine.java:398) > > at sqlline.SqlLine.main(SqlLine.java:291) > > at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run( > SqllineWra > > pper.java:88) > > at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run( > SqllineWra > > pper.java:85) > > at java.security.AccessController.doPrivileged(Native Method) > > at javax.security.auth.Subject.doAs(Subject.java:415) > > at org.apache.hadoop.security.UserGroupInformation.doAs( > UserGroupInforma > > tion.java:1657) > > at org.apache.phoenix.queryserver.client.SqllineWrapper.main( > SqllineWrap > > per.java:85) > > > > Setting property: [incremental, false] > > Setting property: [isolation, TRANSACTION_READ_COMMITTED] > > issuing: !connect jdbc:phoenix:thin:url=http:// > namenode1:8765;serialization=PROT > > OBUF;authentication=SPNEGO none none org.apache.phoenix. > queryserver.client.Drive > > r > > Connecting to jdbc:phoenix:thin:url=http://namenode1:8765;serialization= > PROTOBUF > > ;authentication=SPNEGO > > java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404 > > at org.apache.calcite.avatica.remote. > AvaticaCommonsHttpClientSpnegoImpl. > > send(AvaticaCommonsHttpClientSpnegoImpl.java:148) > > at org.apache.calcite.avatica.remote.RemoteProtobufService._ > apply(Remote > > ProtobufService.java:45) > > at org.apache.calcite.avatica.remote.ProtobufService.apply( > ProtobufServi > > ce.java:81) > > at org.apache.calcite.avatica.remote.Driver.connect(Driver. > java:176) > > at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157) > > at sqlline.DatabaseConnection.getConnection( > DatabaseConnection.java:203) > > > > at sqlline.Commands.connect(Commands.java:1064) > > at sqlline.Commands.connect(Commands.java:996) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke( > NativeMethodAccessorImpl. > > java:57) > > at sun.reflect.DelegatingMethodAccessorImpl. > invoke(DelegatingMethodAcces > > sorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:606) > > at sqlline.ReflectiveCommandHandler.execute( > ReflectiveCommandHandler.jav > > a:38) > > at sqlline.SqlLine.dispatch(SqlLine.java:809) > > at sqlline.SqlLine.initArgs(SqlLine.java:588) > > at sqlline.SqlLine.begin(SqlLine.java:661) > > at sqlline.SqlLine.start(SqlLine.java:398) > > at sqlline.SqlLine.main(SqlLine.java:291) > > at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run( > SqllineWra > > pper.java:88) > > at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run( > SqllineWra > > pper.java:85) > > at java.security.AccessController.doPrivileged(Native Method) > > at javax.security.auth.Subject.doAs(Subject.java:415) > > at org.apache.hadoop.security.UserGroupInformation.doAs( > UserGroupInforma > > tion.java:1657) > > at org.apache.phoenix.queryserver.client.SqllineWrapper.main( > SqllineWrap > > per.java:85) > > > > > > > > > > *SERVER SIDE ERROR:* > > 17/10/04 05:34:28 INFO server.Server: Started @9558ms > > 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765. > > 17/10/04 05:38:39 WARN security.SpnegoLoginService: > > GSSException: Failure unspecified at GSS-API level (Mechanism level: > Encryption > > type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled) > > at sun.security.jgss.krb5.Krb5Context.acceptSecContext( > Krb5Context.java: > > 788) > > at sun.security.jgss.GSSContextImpl.acceptSecContext( > GSSContextImpl.java > > :342) > > at sun.security.jgss.GSSContextImpl.acceptSecContext( > GSSContextImpl.java > > :285) > > at sun.security.jgss.spnego.SpNegoContext.GSS_ > acceptSecContext(SpNegoCon > > text.java:871) > > at sun.security.jgss.spnego.SpNegoContext. > acceptSecContext(SpNegoContext > > .java:544) > > at sun.security.jgss.GSSContextImpl.acceptSecContext( > GSSContextImpl.java > > :342) > > at sun.security.jgss.GSSContextImpl.acceptSecContext( > GSSContextImpl.java > > :285) > > at org.apache.phoenix.shaded.org.eclipse.jetty.security. > SpnegoLoginServi > > ce.login(SpnegoLoginService.java:137) > > at org.apache.phoenix.shaded.org.eclipse.jetty.security. > authentication.L > > oginAuthenticator.login(LoginAuthenticator.java:61) > > at org.apache.phoenix.shaded.org.eclipse.jetty.security. > authentication.S > > pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99) > > at org.apache.phoenix.shaded.org.eclipse.jetty.security. > SecurityHandler. > > handle(SecurityHandler.java:512) > > at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler. > HandlerLis > > t.handle(HandlerList.java:52) > > at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler. > HandlerWra > > pper.handle(HandlerWrapper.java:97) > > at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server. > handle(Serv > > er.java:499) > > at org.apache.phoenix.shaded.org.eclipse.jetty.server. > HttpChannel.handle > > (HttpChannel.java:311) > > at org.apache.phoenix.shaded.org.eclipse.jetty.server. > HttpConnection.onF > > illable(HttpConnection.java:257) > > at org.apache.phoenix.shaded.org.eclipse.jetty.io. > AbstractConnection$2.r > > un(AbstractConnection.java:544) > > at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread. > QueuedThreadP > > ool.runJob(QueuedThreadPool.java:635) > > at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread. > QueuedThreadP > > ool$3.run(QueuedThreadPool.java:555) > > at java.lang.Thread.run(Thread.java:744) > > Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 > is no > > t supported/enabled > > at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:552) > > at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270) > > at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144) > > at sun.security.jgss.krb5.InitSecContextToken.<init>( > InitSecContextToken > > .java:108) > > at sun.security.jgss.krb5.Krb5Context.acceptSecContext( > Krb5Context.java: > > 771) > > ... 19 more > > > > > > > > Please help me to solve this issue. > > -- > > Thanks and regards > > D.Mallieswari >