[ https://issues.apache.org/jira/browse/ATLAS-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Greg Senia updated ATLAS-1546: ------------------------------ Attachment: hs2.log.gz [~madhan.neethiraj] and [~nixonrodrigues] here is the full log. What I see that is interesting it seems like HS2 may have a ticketcache and a keytab base login.. 2017-02-10 20:29:54,274 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(237)) - ==> InMemoryJAASConfiguration.initialize() 2017-02-10 20:29:54,274 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(237)) - ==> InMemoryJAASConfiguration.initialize() 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(351)) - Adding client: [KafkaClient{-1}] loginModule: [com.sun.security.auth.module.Krb5LoginModule] controlFlag: [LoginModuleControlFlag: required] Options: [principal] => [hive/ha21t55mn.tech.hdp.example....@tech.hdp.example.com] Options: [storeKey] => [True] Options: [keyTab] => [/etc/security/keytabs/hive.service.keytab] Options: [useKeyTab] => [True] Options: [serviceName] => [kafka] 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(351)) - Adding client: [KafkaClient{-1}] loginModule: [com.sun.security.auth.module.Krb5LoginModule] controlFlag: [LoginModuleControlFlag: required] Options: [principal] => [hive/ha21t55mn.tech.hdp.example....@tech.hdp.example.com] Options: [storeKey] => [True] Options: [keyTab] => [/etc/security/keytabs/hive.service.keytab] Options: [useKeyTab] => [True] Options: [serviceName] => [kafka] 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(351)) - Adding client: [ticketBased-KafkaClient{-1}] loginModule: [com.sun.security.auth.module.Krb5LoginModule] controlFlag: [LoginModuleControlFlag: required] Options: [useTicketCache] => [true] 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(351)) - Adding client: [ticketBased-KafkaClient{-1}] loginModule: [com.sun.security.auth.module.Krb5LoginModule] controlFlag: [LoginModuleControlFlag: required] Options: [useTicketCache] => [true] 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(364)) - <== InMemoryJAASConfiguration.initialize() 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:initialize(364)) - <== InMemoryJAASConfiguration.initialize() 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:init(191)) - <== InMemoryJAASConfiguration.init() 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:init(191)) - <== InMemoryJAASConfiguration.init() 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:init(178)) - <== InMemoryJAASConfiguration.init() 2017-02-10 20:29:54,280 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:init(178)) - <== InMemoryJAASConfiguration.init() 2017-02-10 20:29:54,284 DEBUG [HiveServer2-HttpHandler-Pool: Thread-53]: security.InMemoryJAASConfiguration (InMemoryJAASConfiguration.java:setConfigSectionRedirect(372)) - ==> setConfigSectionRedirect({}, {})KafkaClient ticketBased-KafkaClient > Hive hook should choose appropriate JAAS config if host uses kerberos > ticket-cache > ---------------------------------------------------------------------------------- > > Key: ATLAS-1546 > URL: https://issues.apache.org/jira/browse/ATLAS-1546 > Project: Atlas > Issue Type: Improvement > Components: atlas-intg > Affects Versions: 0.7-incubating, 0.8-incubating > Reporter: Madhan Neethiraj > Assignee: Nixon Rodrigues > Fix For: 0.8-incubating > > Attachments: ATLAS-1546.1.patch, ATLAS-1546.patch, > hiveserver2_log.txt, hs2.log.gz > > > In a kerberized environment, Atlas hook uses JAAS configuration section named > "KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment > this configuration section is set to use the keytab and principal of > HiveServer2 process. The hook running in HiveCLI might fail to authenticate > with Kafka if the user can't read the configured keytab. > Given that HiveCLI users would have performed kinit, the hook in HiveCLI > should use the ticket-cache generated by kinit. When ticket cache is not > available (for example in HiveServer2), the hook should use the configuration > provided in KafkaClient JAAS section. -- This message was sent by Atlassian JIRA (v6.3.15#6346)