[
https://issues.apache.org/jira/browse/AMBARI-9743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-9743:
---------------------------------
Priority: Blocker (was: Major)
> Storm service check failed after enabling security with existing AD
> -------------------------------------------------------------------
>
> Key: AMBARI-9743
> URL: https://issues.apache.org/jira/browse/AMBARI-9743
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server, stacks
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Blocker
> Labels: kerberos
> Fix For: 2.0.0
>
>
> Setuped security on cluster according to doc.
> https://docs.google.com/a/hortonworks.com/document/d/14GFLtZhB55atuZhcMEUxtODues2WLnHfT0faenIm49I/edit#
> On last stage, storm service check failed
> {code}
> 1017 [main] INFO backtype.storm.StormSubmitter - Generated ZooKeeper secret
> payload for MD5-digest: -5540876373091122649:-7113320937502691642
> 1021 [main] INFO backtype.storm.security.auth.AuthUtils - Got AutoCreds []
> 1039 [main] WARN org.apache.storm.curator.retry.ExponentialBackoffRetry -
> maxRetries too large (60000). Pinning to 29
> 1043 [main] INFO backtype.storm.utils.StormBoundedExponentialBackoffRetry -
> The baseSleepTimeMs [2000] the maxSleepTimeMs [5] the maxRetries [60000]
> 1043 [main] WARN backtype.storm.utils.StormBoundedExponentialBackoffRetry -
> Misconfiguration: the baseSleepTimeMs [2000] can't be greater than the
> maxSleepTimeMs [5].
> 1847 [main] INFO org.apache.storm.zookeeper.Login - successfully logged in.
> Exception in thread "main" java.lang.RuntimeException:
> javax.security.sasl.SaslException: Failure to initialize security context
> [Caused by GSSException: Invalid name provided (Mechanism level: Illegal
> character in realm name; one of: '/', ':', '' (600))]
> at
> backtype.storm.security.auth.ThriftClient.reconnect(ThriftClient.java:99)
> at
> backtype.storm.security.auth.ThriftClient.<init>(ThriftClient.java:66)
> at backtype.storm.utils.NimbusClient.<init>(NimbusClient.java:52)
> at
> backtype.storm.utils.NimbusClient.getConfiguredClient(NimbusClient.java:36)
> at backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:211)
> at backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:157)
> at storm.starter.WordCountTopology.main(WordCountTopology.java:77)
> Caused by: javax.security.sasl.SaslException: Failure to initialize security
> context [Caused by GSSException: Invalid name provided (Mechanism level:
> Illegal character in realm name; one of: '/', ':', '' (600))]
> at
> com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:150)
> at
> com.sun.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:63)
> at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)
> at
> org.apache.thrift7.transport.TSaslClientTransport.<init>(TSaslClientTransport.java:72)
> at
> backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin.connect(KerberosSaslTransportPlugin.java:127)
> at
> backtype.storm.security.auth.TBackoffConnect.doConnectWithRetry(TBackoffConnect.java:48)
> at
> backtype.storm.security.auth.ThriftClient.reconnect(ThriftClient.java:97)
> ... 6 more
> Caused by: GSSException: Invalid name provided (Mechanism level: Illegal
> character in realm name; one of: '/', ':', '' (600))
> at
> sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:127)
> at
> sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95)
> at
> sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:202)
> at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472)
> at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
> at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
> at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137)
> at
> com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:108)
> ... 12 more
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
