correction -- after kinit (using falcon user principal), when I run the command, I get "server not found exception". Looks like somthign to do with Kerberos.
What kerberos principal should I use when calling CLI command? -- end-user, HTTP or falcon user? Thanks Venkat org.apache.falcon.client.FalconCLIException: Could not authenticate, GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER) at org.apache.falcon.client.FalconClient.getToken(FalconClient.java:166) at org.apache.falcon.client.FalconClient.<init>(FalconClient.java:136) at org.apache.falcon.cli.FalconCLI.run(FalconCLI.java:169) at org.apache.falcon.cli.FalconCLI.main(FalconCLI.java:125) Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:306) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:196) at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:232) at org.apache.falcon.client.FalconClient.getToken(FalconClient.java:164) ... 3 more Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:663) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:285) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:261) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:396) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:261) ... 6 more Caused by: KrbException: Server not found in Kerberos database (7) - UNKNOWN_SERVER at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:64) at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:185) at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:294) at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:106) at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:557) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594) ... 13 more Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133) at sun.security.krb5.internal.TGSRep.init(TGSRep.java:58) at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:53) at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:46) ... 18 more Error: Unable to initialize Falcon Client object On Wednesday, July 9, 2014 9:55 PM, Venkat R <[email protected]> wrote: Hi All, Running bin/falcon admin -status throws the following GSSException. I have enabled kerberos for service and SPNEGO (disabled SSL and bin/falcon-start -port 15000). I'm able to access the falcon URL via Firefox, but not via CLI. is there something i'm missing any parameter while calling CLI? appreciate any help. Thanks ---- startup.properties ---- *.falcon.authentication.type=kerberos ##### Service Configuration *.falcon.service.authentication.kerberos.principal=dm/[email protected] *.falcon.service.authentication.kerberos.keytab=/export/apps/hadoop/keytabs/dm.keytab *.dfs.namenode.kerberos.principal=hdfs/[email protected] ##### SPNEGO Configuration *.falcon.http.authentication.type=kerberos *.falcon.http.authentication.kerberos.principal=HTTP/[email protected] *.falcon.http.authentication.kerberos.keytab=/export/apps/hadoop/keytabs/dm.keytab *.falcon.http.authentication.token.validity=36000 *.falcon.http.authentication.signature.secret=falcon *.falcon.http.authentication.simple.anonymous.allowed=true *.falcon.http.authentication.kerberos.name.rules=DEFAULT *.falcon.http.authentication.blacklisted.users= ######### Authentication Properties ######### falcon.enableTLS=false ---- Exception -------------- FalconURL -> http://localhost:15000/ Property: falcon.url = http://localhost:15000/ org.apache.falcon.client.FalconCLIException: Could not authenticate, GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at org.apache.falcon.client.FalconClient.getToken(FalconClient.java:166) at org.apache.falcon.client.FalconClient.<init>(FalconClient.java:136) at org.apache.falcon.cli.FalconCLI.run(FalconCLI.java:169) at org.apache.falcon.cli.FalconCLI.main(FalconCLI.java:125) Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:306) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:196) at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:232) at org.apache.falcon.client.FalconClient.getToken(FalconClient.java:164) ... 3 more Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:130) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106) at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172) at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:285) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:261) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:396) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:261) ... 6 more Error: Unable to initialize Falcon Client object
