[ https://issues.apache.org/jira/browse/APEXCORE-515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15433868#comment-15433868 ]
Pramod Immaneni commented on APEXCORE-515: ------------------------------------------ This is happening when the principal has a group inside. During refresh we are just picking up the username instead of the entire principal. > Refresh tokens failing in some scenarios with a login failure message > --------------------------------------------------------------------- > > Key: APEXCORE-515 > URL: https://issues.apache.org/jira/browse/APEXCORE-515 > Project: Apache Apex Core > Issue Type: Bug > Reporter: Pramod Immaneni > Assignee: Pramod Immaneni > > In some scenarios the token refresh to allow applications to run without > shutting down is failing with the following exception > java.io.IOException: Login failure for xxxxx from keytab > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1146) > at > com.datatorrent.stram.security.StramUserLogin.refreshTokens(StramUserLogin.java:96) > at > com.datatorrent.stram.engine.StreamingContainer.heartbeatLoop(StreamingContainer.java:623) > at > com.datatorrent.stram.engine.StreamingContainer.main(StreamingContainer.java:313) > Caused by: javax.security.auth.login.LoginException: Unable to obtain > password from user > > at > com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760) > at > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:497) > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > at javax.security.auth.login.LoginContext.login(LoginContext.java:587) > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1135) > ... 3 more -- This message was sent by Atlassian JIRA (v6.3.4#6332)