[
https://issues.apache.org/jira/browse/SENTRY-492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ruiming Zhou updated SENTRY-492:
--------------------------------
Description:
while connecting to the sentry service with keberos is enabled using IBM JDK,
it failed because of the exceptions from the salsclient creation.
Caused by: javax.security.sasl.SaslException: Failure to initialize security
context [Caused by org.ietf.jgss.GSSException, major code: 13, minor code: 0
major string: Invalid credentials
minor string: SubjectCredFinder: no JAAS Subject]
at
com.ibm.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:131)
at
com.ibm.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:53)
at javax.security.sasl.Sasl.createSaslClient(Sasl.java:362)
at
org.apache.thrift.transport.TSaslClientTransport.<init>(TSaslClientTransport.java:72)
at
org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient$UgiSaslClientTransport.<init>(SentryPolicyServiceClient.java:84)
at
org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient.<init>(SentryPolicyServiceClient.java:144)
at
org.apache.sentry.provider.db.SimpleDBProviderBackend.<init>(SimpleDBProviderBackend.java:52)
at
org.apache.sentry.provider.db.SimpleDBProviderBackend.<init>(SimpleDBProviderBackend.java:48)
... 31 more
Caused by: org.ietf.jgss.GSSException, major code: 13, minor code: 0
major string: Invalid credentials
minor string: SubjectCredFinder: no JAAS Subject
at
com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:83)
at
com.ibm.security.jgss.mech.krb5.Krb5Credential$SubjectCredFinder.run(Krb5Credential.java:1126)
at
java.security.AccessController.doPrivileged(AccessController.java:330)
at
com.ibm.security.jgss.mech.krb5.Krb5Credential.getClientCredsFromSubject(Krb5Credential.java:816)
at
com.ibm.security.jgss.mech.krb5.Krb5Credential.getCredentials(Krb5Credential.java:388)
at
com.ibm.security.jgss.mech.krb5.Krb5Credential.init(Krb5Credential.java:196)
This is because IBM JDK requires valid kerberos credentials in place when
creating Sasl client.
was:
There are multiple testcase failures that are related to the UDF.
1.TestPrivilegesAtFunctionScope.testUdfWhiteList:162 Expected SQLException for
'SELECT reflect('java.net.URLDecoder', 'decode', 'http://www.apache.org',
'utf-8'), value FROM tab1'
2.
TestDbPrivilegesAtFunctionScope>TestPrivilegesAtFunctionScope.testUdfWhiteList:162
Expected SQLException for 'SELECT reflect('java.net.URLDecoder', 'decode',
'http://www.apache.org', 'utf-8'), value FROM tab1'
3.
TestDbPrivilegesAtDatabaseScope>TestPrivilegesAtDatabaseScope.testAllPrivilegeOnObjectOwnedByAdmin:276
Expected SQL exception
Labels: newbie (was: )
Summary: Can not connect to sentry service using IBM JDK when keberos
is enabled (was: CLONE - Sentry + Hive 0.13 integration test failure
TestPrivilegesAtFunctionScope)
> Can not connect to sentry service using IBM JDK when keberos is enabled
> -------------------------------------------------------------------------
>
> Key: SENTRY-492
> URL: https://issues.apache.org/jira/browse/SENTRY-492
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.5.0
> Reporter: Ruiming Zhou
> Assignee: Ruiming Zhou
> Labels: newbie
> Fix For: 1.5.0
>
>
> while connecting to the sentry service with keberos is enabled using IBM JDK,
> it failed because of the exceptions from the salsclient creation.
> Caused by: javax.security.sasl.SaslException: Failure to initialize security
> context [Caused by org.ietf.jgss.GSSException, major code: 13, minor code: 0
> major string: Invalid credentials
> minor string: SubjectCredFinder: no JAAS Subject]
> at
> com.ibm.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:131)
> at
> com.ibm.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:53)
> at javax.security.sasl.Sasl.createSaslClient(Sasl.java:362)
> at
> org.apache.thrift.transport.TSaslClientTransport.<init>(TSaslClientTransport.java:72)
> at
> org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient$UgiSaslClientTransport.<init>(SentryPolicyServiceClient.java:84)
> at
> org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient.<init>(SentryPolicyServiceClient.java:144)
> at
> org.apache.sentry.provider.db.SimpleDBProviderBackend.<init>(SimpleDBProviderBackend.java:52)
> at
> org.apache.sentry.provider.db.SimpleDBProviderBackend.<init>(SimpleDBProviderBackend.java:48)
> ... 31 more
> Caused by: org.ietf.jgss.GSSException, major code: 13, minor code: 0
> major string: Invalid credentials
> minor string: SubjectCredFinder: no JAAS Subject
> at
> com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:83)
> at
> com.ibm.security.jgss.mech.krb5.Krb5Credential$SubjectCredFinder.run(Krb5Credential.java:1126)
> at
> java.security.AccessController.doPrivileged(AccessController.java:330)
> at
> com.ibm.security.jgss.mech.krb5.Krb5Credential.getClientCredsFromSubject(Krb5Credential.java:816)
> at
> com.ibm.security.jgss.mech.krb5.Krb5Credential.getCredentials(Krb5Credential.java:388)
> at
> com.ibm.security.jgss.mech.krb5.Krb5Credential.init(Krb5Credential.java:196)
>
> This is because IBM JDK requires valid kerberos credentials in place when
> creating Sasl client.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
