[jira] [Commented] (AMBARI-21303) Enabling Hive for PAM causes errors constantly logged in HS2

Thu, 22 Jun 2017 09:58:18 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-21303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16059685#comment-16059685
 ] 

Ying Chen commented on AMBARI-21303:
------------------------------------

Main issue was observed in hive_check.py.  Fixing that fixes the error 
generation.  (PAM using password_auth) 
Current change reuses the alert_ldap_username and alert_ldap_password, so that 
the labeling was changed to be more generic.  In addition, stack_advisor.py was 
changed so that it will require these two fields to be filled in when user 
enabled PAM for Hive server2 authentication. 

> Enabling Hive for PAM causes errors constantly logged in HS2
> ------------------------------------------------------------
>
>                 Key: AMBARI-21303
>                 URL: https://issues.apache.org/jira/browse/AMBARI-21303
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk
>         Environment: RHEL 7.3
>            Reporter: Ying Chen
>            Assignee: Ying Chen
>            Priority: Minor
>         Attachments: AMBARI-21303.patch
>
>
> Using Ambari 2.5.03 from HDP 2.6.1.0
> Enabling Hive authentication = PAM causes errors to be logged to 
> hiveserver2.log (every 3 minutes).  
> 2017-06-21 16:21:13,519 ERROR [HiveServer2-Handler-Pool: Thread-47]: 
> transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation 
> failure
> javax.security.sasl.SaslException: Error validating the login [Caused by 
> javax.security.sasl.AuthenticationException: Error authenticating with the 
> PAM service: password-auth]
>         at 
> org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
>         at 
> org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
>         at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
>         at 
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
>         at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
>         at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.security.sasl.AuthenticationException: Error authenticating 
> with the PAM service: password-auth
>         at 
> org.apache.hive.service.auth.PamAuthenticationProviderImpl.Authenticate(PamAuthenticationProviderImpl.java:46)
>         at 
> org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
>         at 
> org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
>         ... 8 more
> etc. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to