Check your Default Realm in login-identity-providers.xml On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks <swe...@weeksconsulting.us> wrote:
> For some reason NiFi is trying to use the realm NIFI.COM. I'd search > through your config files and your Kerberos Credential Service and see > where that's coming from. > > Thanks > > On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" < > b.gan...@nokia.com> wrote: > > Hi , > > no , > default_realm = NOKIA.COM > > > > -----Original Message----- > From: Shawn Weeks <swe...@weeksconsulting.us> > Sent: Friday, April 17, 2020 5:43 PM > To: dev@nifi.apache.org > Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4 > > Can you verify that your KDC Realm is really NIFI.COM and that it's > defined in /etc/krb5.conf? > > Thanks > Shawn > > On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" < > b.gan...@nokia.com> wrote: > > Hi , > > I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas > nifi 1.9.2 not seeing this issue . > I am using kdc version as 2.2.5 > > Can anybody help me on this ? > > REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id > is failed with below error > > java.lang.IllegalArgumentException: The supplied username and > password are not valid.}. Returning Bad Request} response."} > java.lang.IllegalArgumentException: The supplied username and > password are not valid. > at > org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: > org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: > Kerberos authentication failed > ... 84 common frames omitted > Caused by: > org.springframework.security.authentication.BadCredentialsException: > Kerberos authentication failed > at > org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66) > ... 86 common frames omitted > Caused by: javax.security.auth.login.LoginException: Cannot locate > KDC > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782) > .java:59) > ... 88 common frames omitted > Caused by: sun.security.krb5.KrbException: Cannot locate KDC > at > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259) > > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744) > ... 96 common frames omitted > Caused by: sun.security.krb5.KrbException: Generic error > (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM > at > java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356) > at > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232) > ... 101 common frames omitted > > > > > > > >
