Sandor Molnar created AMBARI-23431:
--------------------------------------
Summary: After enabling Kerberos, the Ambari JAAS file is not
updated
Key: AMBARI-23431
URL: https://issues.apache.org/jira/browse/AMBARI-23431
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.7.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.7.0
After enabling Kerberos, the Ambari JAAS file is not updated. This leads to
various errors like collecting JXM data from services:
{noformat}
28 Mar 2018 15:40:29,041 WARN [ambari-metrics-retrieval-service-thread-4]
RequestTargetAuthentication:88 - NEGOTIATE authentication error: No valid
credentials provided (Mechanism level: No valid credentials provided (Mechanism
level: Attempt to obtain new INITIATE credentials fai
led! (null)))
28 Mar 2018 15:40:29,042 ERROR [ambari-metrics-retrieval-service-thread-4]
AppCookieManager:122 - SPNego authentication failed, can not get hadoop.auth
cookie for URL: http://c7401.ambari.apache.org:50070/jmx
28 Mar 2018 15:40:29,042 ERROR [ambari-metrics-retrieval-service-thread-5]
AppCookieManager:122 - SPNego authentication failed, can not get hadoop.auth
cookie for URL:
http://c7401.ambari.apache.org:50070/jmx?get=Hadoop:service=NameNode,name=FSNamesystem::tag.HAState
2
{noformat}
The JAAS file as {{/etc/ambari-server/conf/krb5JAASLogin.conf}} is expected to
be updated to match the created Kerberos identity for the Ambari server, but is
not:
The default values of
{noformat}
...
keyTab="/etc/security/keytabs/ambari.keytab"
principal="[email protected]"
...
{noformat}
Should have been changed to
{noformat}
...
keyTab="/etc/security/keytabs/ambari.server.keytab"
principal="[email protected]"
...
{noformat}
After manually fixing this and restarting Ambari, the JMX requests
authenticated properly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)