[jira] [Commented] (FALCON-2025) Periodic revalidation of kerberos credentials should be done on loginUser

Mon, 13 Jun 2016 17:50:22 -0700 

    [ 
https://issues.apache.org/jira/browse/FALCON-2025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15328721#comment-15328721
 ] 

ASF GitHub Bot commented on FALCON-2025:
----------------------------------------

GitHub user bvellanki opened a pull request:

    https://github.com/apache/falcon/pull/183

    FALCON-2025 Periodic revalidation of kerberos credentials should be done on 
loginUser

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/bvellanki/falcon FALCON-2025

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/falcon/pull/183.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #183
    
----
commit 6763755f3dd1c75256498aab4400d7dbc09974c4
Author: bvellanki <bvella...@hortonworks.com>
Date:   2016-06-14T00:47:26Z

    FALCON-2025 Periodic revalidation of kerberos credentials should be done on 
loginUser

----


> Periodic revalidation of kerberos credentials should be done on loginUser
> -------------------------------------------------------------------------
>
>                 Key: FALCON-2025
>                 URL: https://issues.apache.org/jira/browse/FALCON-2025
>             Project: Falcon
>          Issue Type: Bug
>            Reporter: Balu Vellanki
>            Assignee: Balu Vellanki
>             Fix For: trunk, 0.10
>
>
> For some users, Falcon server fails to perform any operations on workflow 
> engine after the kerberos credentials expire. Falcon server periodically 
> revalidates the credentials from keytab saying 
> ugi.checkTGTAndReloginFromKeytab(), but this operation will not work when ugi 
> belongs to proxy user. The relogin should be done on 
> UserGroupInformation.getLoginUser() for the falcon credentials to be renewed. 
> The error looks as follows.
> {code}
> falcon instance -list -type process -name procName 
> log4j:WARN No appenders could be found for logger 
> (org.apache.hadoop.security.authentication.client.KerberosAuthenticator). 
> log4j:WARN Please initialize the log4j system properly. 
> log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more 
> info. 
> ERROR: Bad 
> Request;default/org.apache.falcon.FalconWebException::org.apache.falcon.FalconException:
>  java.io.IOException: Failed on local exception: java.io.IOException: 
> javax.security.sasl.SaslException: GSS initiate failed [Caused by 
> GSSException: No valid credentials provided (Mechanism level: Failed to find 
> any Kerberos tgt)]; Host Details : local host is: "machine.test.group/<IP 
> Addr>"; destination host is: "machine.test.group":8020; 
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to