$ krb5-config --version
Kerberos 5 release 1.13.2

On Tue, Dec 12, 2017 at 3:39 PM, Michael Ho <[email protected]> wrote:

> Not that I know the answer to the problem you are hitting. Just wondering
> what version of Kerberos library (krb5-config --version) are you running ?
>
> On Tue, Dec 12, 2017 at 3:25 PM, Philip Zeyliger <[email protected]>
> wrote:
>
> > Hi folks,
> >
> > I've been running into issues with thrift-server-test and Kerberos. Below
> > is an excerpt of "KRB5_TRACE=/dev/stderr
> > be/build/debug/rpc/thrift-server-test"; both SslConnectivity/1 and
> > SslConnectivity/2 fail the same way.
> >
> > I'm running Ubuntu16.04. I've seen this both on my host, as well as inside
> > of an Ubuntu 16.04 Docker container.
> >
> > Does this ring any bells?
> >
> > Thanks!
> >
> > -- Philip
> >
> >
> > [ RUN ] KerberosOnAndOff/ThriftKerberizedParamsTest.SslConnectivity/2
> > Loading random data
> > Initializing database '7abf-cef9-113e-eae3/krb5kdc/principal' for realm '
> > KRBTEST.COM',
> > master key name 'K/[email protected]'
> > [31585] 1513120922.459517: Retrieving K/[email protected] from
> > FILE:7abf-cef9-113e-eae3/krb5kdc/.k5.KRBTEST.COM (vno 0, enctype 0) with
> > result: 0/Success
> > [31586] 1513120922.472314: Retrieving K/[email protected] from
> > FILE:7abf-cef9-113e-eae3/krb5kdc/.k5.KRBTEST.COM (vno 0, enctype 0) with
> > result: 0/Success
> > Dec 12 15:22:02 philip-dev.gce.cloudera.com krb5kdc[31586](info): setting
> > up network...
> > Dec 12 15:22:02 philip-dev.gce.cloudera.com krb5kdc[31586](info):
> > listening
> > on fd 11: udp 0.0.0.0.51781 (pktinfo)
> > krb5kdc: setsockopt(12,IPV6_V6ONLY,1) worked
> > Dec 12 15:22:02 philip-dev.gce.cloudera.com krb5kdc[31586](info):
> > listening
> > on fd 12: udp ::.51781 (pktinfo)
> > Dec 12 15:22:02 philip-dev.gce.cloudera.com krb5kdc[31586](info): set up 2
> > sockets
> > Dec 12 15:22:02 philip-dev.gce.cloudera.com krb5kdc[31586](info):
> > commencing operation
> > krb5kdc: starting...
> > Authenticating as principal philip/[email protected] with password.
> > [31589] 1513120922.498913: Retrieving K/[email protected] from
> > FILE:7abf-cef9-113e-eae3/krb5kdc/.k5.KRBTEST.COM (vno 0, enctype 0) with
> > result: 0/Success
> > WARNING: no policy specified for impala/[email protected]; defaulting
> > to no policy
> > Principal "impala/[email protected]" created.
> > Authenticating as principal philip/[email protected] with password.
> > [31590] 1513120922.508777: Retrieving K/[email protected] from
> > FILE:7abf-cef9-113e-eae3/krb5kdc/.k5.KRBTEST.COM (vno 0, enctype 0) with
> > result: 0/Success
> > Entry for principal impala/localhost with kvno 2, encryption type
> > aes256-cts-hmac-sha1-96 added to keytab
> > WRFILE:7abf-cef9-113e-eae3/krb5kdc/impala_localhost.keytab.
> > Entry for principal impala/localhost with kvno 2, encryption type
> > aes128-cts-hmac-sha1-96 added to keytab
> > WRFILE:7abf-cef9-113e-eae3/krb5kdc/impala_localhost.keytab.
> > Entry for principal impala/localhost with kvno 2, encryption type
> > des3-cbc-sha1 added to keytab
> > WRFILE:7abf-cef9-113e-eae3/krb5kdc/impala_localhost.keytab.
> > Entry for principal impala/localhost with kvno 2, encryption type
> > arcfour-hmac added to keytab
> > WRFILE:7abf-cef9-113e-eae3/krb5kdc/impala_localhost.keytab.
> > Dec 12 15:22:02 philip-dev.gce.cloudera.com krb5kdc[31586](info): AS_REQ
> > (6
> > etypes {18 17 16 23 25 26}) 127.0.0.1: ISSUE: authtime 1513120922, etypes
> > {rep=18 tkt=18 ses=18}, impala/[email protected] for krbtgt/
> > [email protected]
> > [31476] 1513120922.532304: ccselect can't find appropriate cache for server
> > principal impala@localhost
> > [31476] 1513120922.532347: Getting credentials impala/
> > [email protected]
> > -> impala@localhost using ccache FILE:/tmp/krb5cc_impala_internal
> > [31476] 1513120922.532382: Retrieving impala/[email protected] ->
> > impala@localhost from FILE:/tmp/krb5cc_impala_internal with result:
> > -1765328243/Matching credential not found
> > [31476] 1513120922.532407: Retrieving impala/[email protected] ->
> > krbtgt/localhost@localhost from FILE:/tmp/krb5cc_impala_internal with
> > result: -1765328243/Matching credential not found
> > [31476] 1513120922.532433: Retrieving impala/[email protected] ->
> > krbtgt/[email protected] from FILE:/tmp/krb5cc_impala_internal with
> > result: 0/Success
> > [31476] 1513120922.532441: Starting with TGT for client realm: impala/
> > [email protected] -> krbtgt/[email protected]
> > [31476] 1513120922.532467: Retrieving impala/[email protected] ->
> > krbtgt/localhost@localhost from FILE:/tmp/krb5cc_impala_internal with
> > result: -1765328243/Matching credential not found
> > [31476] 1513120922.532475: Requesting TGT krbtgt/[email protected]
> > using TGT krbtgt/[email protected]
> > [31476] 1513120922.532491: Generated subkey for TGS request:
> > aes256-cts/005D
> > [31476] 1513120922.532524: etypes requested in TGS request: aes256-cts,
> > aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
> > [31476] 1513120922.532574: Encoding request body and padata into FAST
> > request
> > [31476] 1513120922.532616: Sending request (951 bytes) to KRBTEST.COM
> > [31476] 1513120922.532630: Resolving hostname 127.0.0.1
> > [31476] 1513120922.532648: Sending initial UDP request to dgram
> > 127.0.0.1:51781
> > [31586] 1513120922.532790: AP-REQ ticket: impala/[email protected] ->
> > krbtgt/[email protected], session key aes256-cts/580F
> > [31586] 1513120922.532814: Negotiated enctype based on authenticator:
> > aes256-cts
> > [31586] 1513120922.532820: Authenticator contains subkey: aes256-cts/005D
> > Dec 12 15:22:02 philip-dev.gce.cloudera.com krb5kdc[31586](info): TGS_REQ
> > (6 etypes {18 17 16 23 25 26}) 127.0.0.1: UNKNOWN_SERVER: authtime 0,
> > impala/[email protected] for krbtgt/[email protected], Server not
> > found in Kerberos database
> > [31476] 1513120922.533028: Received answer (491 bytes) from dgram
> > 127.0.0.1:51781
> > [31476] 1513120922.533044: Response was not from master KDC
> > [31476] 1513120922.533053: Decoding FAST response
> > [31476] 1513120922.533081: TGS request result: -1765328377/Server krbtgt/
> > [email protected] not found in Kerberos database
> > /home/philip/src/impala/be/src/rpc/thrift-server-test.cc:153: Failure
> > Value of: status_.ok()
> > Actual: false
> > Expected: true
> > Error: Couldn't open transport for localhost:62119 (SASL(-1): generic
> > failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide
> > more information (Server krbtgt/[email protected] not found in
> > Kerberos
> > database))
> >
> > [ FAILED ] KerberosOnAndOff/ThriftKerberizedParamsTest.
> > SslConnectivity/2,
> > where GetParam() = 2 (100 ms)
> >
> >
>
> --
> Thanks,
> Michael
>
