ninsmiracle commented on issue #2114: URL: https://github.com/apache/incubator-pegasus/issues/2114#issuecomment-2345207036
I also check the log in KDC: ``` Sep 11 15:26:24 [c4-hadoop-krb02.bj](http://c4-hadoop-krb02.bj/) krb5kdc[59974](info): AS_REQ (6 etypes {18 17 16 23 25 26}) [10.XXX.XX.1](http://10.XXX.XX.1/): NEEDED_PREAUTH: pegasus_prc/[email protected] for krbtgt/[email protected], Additional pre-authentication required Sep 11 15:26:24 [c4-hadoop-krb02.bj](http://c4-hadoop-krb02.bj/) krb5kdc[59974](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) [10.XXX.XX.1](http://10.XXX.XX.1/): ISSUE: authtime 1726039584, etypes {rep=18 tkt=18 ses=18}, pegasus_prc/[email protected] for pegasus_prc/[email protected] Sep 11 15:26:38 [c4-hadoop-krb02.bj](http://c4-hadoop-krb02.bj/) krb5kdc[59974](info): TGS_REQ (4 etypes {18 17 16 23}) [10.132.5.3](http://10.132.5.3/): ISSUE: authtime 1726039598, etypes {rep=18 tkt=18 ses=18}, pegasus_prc/[email protected] for pegasus_prc/[email protected] Sep 11 15:26:47 [c4-hadoop-krb02.bj](http://c4-hadoop-krb02.bj/) krb5kdc[59974](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) [10.XXX.XX.1](http://10.XXX.XX.1/): ISSUE: authtime 1726039567, etypes {rep=18 tkt=18 ses=18}, pegasus_prc/[email protected] for pegasus_prc/[email protected] Sep 11 15:26:47 [c4-hadoop-krb02.bj](http://c4-hadoop-krb02.bj/) krb5kdc[59974](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) [10.XXX.XX.1](http://10.XXX.XX.1/): ISSUE: authtime 1726039567, etypes {rep=18 tkt=18 ses=18}, pegasus_prc/[email protected] for pegasus_prc/[email protected] Sep 11 15:26:48 [c4-hadoop-krb02.bj](http://c4-hadoop-krb02.bj/) krb5kdc[59974](info): AS_REQ (6 etypes {18 17 16 23 25 26}) [10.XXX.XX.1](http://10.XXX.XX.1/): ISSUE: authtime 1726039608, etypes {rep=18 tkt=18 ses=18}, pegasus_prc/[email protected] for krbtgt/[email protected] Sep 11 15:27:48 [c4-hadoop-krb02.bj](http://c4-hadoop-krb02.bj/) krb5kdc[59974](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) [10.XXX.XX.1](http://10.XXX.XX.1/): ISSUE: authtime 1726039608, etypes {rep=18 tkt=18 ses=18}, pegasus_prc/[email protected] for pegasus_prc/[email protected] ``` I can see `TGS_REQ` here, so I think client(here is meta server,use sasl client side to pass the permission check on replica servers) can get TGT from KDC. And I check backup mate server, still have some error on it: ``` server_negotiation.cpp:137:do_challenge(): SERVER_NEGOTIATION(CLIENT=10.XXX.XX.1:55545): negotiation failed, with err = ERR_UNKNOWN, msg = ERR_UNKNOWN ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
