kamaci opened a new issue #11669:
URL: https://github.com/apache/druid/issues/11669


   I get an error when trying to enable Kerberos on a Druid (0.20.1) cluster.
   
   This is from router logs:
   
   ```
   2021-08-26T10:38:10,391 WARN [qtp223566397-107] org.apache.druid.security.kerberos.KerberosAuthenticator - AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text:
   2021-08-26T10:38:10,391 WARN [qtp223566397-109] org.apache.druid.security.kerberos.KerberosAuthenticator - AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text:
   2021-08-26T10:38:33,861 ERROR [CoordinatorRuleManager-Exec--0] org.apache.druid.server.router.CoordinatorRuleManager - Exception while polling for rules
   org.apache.druid.java.util.common.ISE: Error while polling rules, status[403 Forbidden] content[<html>
   <head>
   <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
   <title>Error 403 org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text: </title>
   </head>
   <body><h2>HTTP ERROR 403 org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text: </h2>
   <table>
   <tr><th>URI:</th><td>/druid/coordinator/v1/rules</td></tr>
   <tr><th>STATUS:</th><td>403</td></tr>
   <tr><th>MESSAGE:</th><td>org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text: </td></tr>
   <tr><th>SERVLET:</th><td>default</td></tr>
   </table>
   </body>
   </html>
   ```
   
   This is from broker log:
   
   ```
   2021-08-26T10:43:35,360 WARN [DruidSchema-Cache-0] org.apache.druid.server.QueryLifecycle - Exception while processing queryId [a0d9d4a8-ef13-42f5-84d9-daad68f10814] (QueryInterruptedException{msg=Invalid type marker byte 0x3c for expected value token
   at [Source: (SequenceInputStream); line: -1, column: 1], code=Unknown exception, class=com.fasterxml.jackson.core.JsonParseException, host=abc.dbgt.com:8083})
   2021-08-26T10:43:35,360 WARN [DruidSchema-Cache-0] org.apache.druid.sql.calcite.schema.DruidSchema - Metadata refresh failed, trying again soon.
   org.apache.druid.query.QueryInterruptedException: Invalid type marker byte 0x3c for expected value token
   at [Source: (SequenceInputStream); line: -1, column: 1]
   ```
   
   Here is my config:
   
   ```
   druid.auth.authenticatorChain=["kerberos"]
   # kerberos authentication
   druid.auth.authenticator.kerberos.type=kerberos
   druid.auth.authenticator.kerberos.serverPrincipal=XXXXX
   druid.auth.authenticator.kerberos.serverKeytab=/home/XXXXX.kt
   druid.auth.authenticator.kerberos.authorizerName=SASL_PLAINTEXT
   druid.escalator.type=kerberos
   druid.escalator.internalClientPrincipal=XXXXXX
   druid.escalator.internalClientKeytab=/home/XXXXX.kt
   druid.escalator.authorizerName=SASL_PLAINTEXT
   ```
   
   Here are the plugins:
   
   ```
   druid.extensions.loadList=["druid-histogram", "druid-kafka-indexing-service", "druid-datasketches", "druid-lookups-cached-global", "postgresql-metadata-storage", "druid-kerberos", "druid-basic-security"]
   ```
   
   What can be the reason for that?
   
   **PS**: This may be related to that: https://github.com/apache/druid/issues/9543

