[
https://issues.apache.org/jira/browse/DRILL-5433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15968262#comment-15968262
]
Parag Darji commented on DRILL-5433:
------------------------------------
Yes all hadoop services are running fine (hdfs yarn hive hbase Kafka storm and
more).
But none of them are running as user "drill".
Drill is just not working with kerberos (or the way we are passing the
parameters in the sqlline command).
> Authentication failed: Server requires authentication using [kerberos, plain]
> -----------------------------------------------------------------------------
>
> Key: DRILL-5433
> URL: https://issues.apache.org/jira/browse/DRILL-5433
> Project: Apache Drill
> Issue Type: Task
> Components: Functions - Drill
> Affects Versions: 1.10.0
> Environment: OS: Redhat Linux 6.7, HDP 2.5.3, Kerberos enabled,
> Hardware: VmWare
> Reporter: Parag Darji
> Priority: Minor
> Labels: newbie, security
> Fix For: 1.10.0
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> I've setup Apace drill 1.10.0 on RHEL 6.7, HDP 2.5.3, kerberos enabled
> I'm getting below error while running "drill-conf" or sqlline as user "drill"
> which is configured in the "drill-override.conf" file.
> {code}
> drill@host:/opt/drill/bin> drill-conf
> Error: Failure in connecting to Drill:
> org.apache.drill.exec.rpc.NonTransientRpcException:
> javax.security.sasl.SaslException: Authentication failed: Server requires
> authentication using [kerberos, plain]. Insufficient credentials? [Caused by
> javax.security.sasl.SaslException: Server requires authentication using
> [kerberos, plain]. Insufficient credentials?] (state=,code=0)
> java.sql.SQLException: Failure in connecting to Drill:
> org.apache.drill.exec.rpc.NonTransientRpcException:
> javax.security.sasl.SaslException: Authentication failed: Server requires
> authentication using [kerberos, plain]. Insufficient credentials? [Caused by
> javax.security.sasl.SaslException: Server requires authentication using
> [kerberos, plain]. Insufficient credentials?]
> at
> org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:166)
> at
> org.apache.drill.jdbc.impl.DrillJdbc41Factory.newDrillConnection(DrillJdbc41Factory.java:72)
> at
> org.apache.drill.jdbc.impl.DrillFactory.newConnection(DrillFactory.java:69)
> at
> org.apache.calcite.avatica.UnregisteredDriver.connect(UnregisteredDriver.java:143)
> at org.apache.drill.jdbc.Driver.connect(Driver.java:72)
> at sqlline.DatabaseConnection.connect(DatabaseConnection.java:167)
> at
> sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:213)
> at sqlline.Commands.connect(Commands.java:1083)
> at sqlline.Commands.connect(Commands.java:1015)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36)
> at sqlline.SqlLine.dispatch(SqlLine.java:742)
> at sqlline.SqlLine.initArgs(SqlLine.java:528)
> at sqlline.SqlLine.begin(SqlLine.java:596)
> at sqlline.SqlLine.start(SqlLine.java:375)
> at sqlline.SqlLine.main(SqlLine.java:268)
> Caused by: org.apache.drill.exec.rpc.NonTransientRpcException:
> javax.security.sasl.SaslException: Authentication failed: Server requires
> authentication using [kerberos, plain]. Insufficient credentials? [Caused by
> javax.security.sasl.SaslException: Server requires authentication using
> [kerberos, plain]. Insufficient credentials?]
> at
> org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:157)
> at
> org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:432)
> at
> org.apache.drill.exec.client.DrillClient.connect(DrillClient.java:379)
> at
> org.apache.drill.jdbc.impl.DrillConnectionImpl.<init>(DrillConnectionImpl.java:157)
> ... 18 more
> Caused by: javax.security.sasl.SaslException: Authentication failed: Server
> requires authentication using [kerberos, plain]. Insufficient credentials?
> [Caused by javax.security.sasl.SaslException: Server requires authentication
> using [kerberos, plain]. Insufficient credentials?]
> at
> org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:204)
> at
> org.apache.drill.exec.rpc.user.UserClient$3.mapException(UserClient.java:197)
> at
> com.google.common.util.concurrent.AbstractCheckedFuture.checkedGet(AbstractCheckedFuture.java:85)
> at
> org.apache.drill.exec.rpc.user.UserClient.connect(UserClient.java:155)
> ... 21 more
> Caused by: javax.security.sasl.SaslException: Server requires authentication
> using [kerberos, plain]. Insufficient credentials?
> at
> org.apache.drill.exec.rpc.user.UserClient.getAuthenticatorFactory(UserClient.java:285)
> at
> org.apache.drill.exec.rpc.user.UserClient.authenticate(UserClient.java:216)
> ... 22 more
> apache drill 1.10.0
> "this isn't your grandfather's sql"
> {code}
> Same error when running below command:
> {code}
> sqlline --maxWidth=10000 -u
> "jdbc:drill:drillbit=host1.fqdn;auth=kerberos;principal=drill/[email protected]"
> {code}
> "Drill" user has has valid keytab/ticket.
> The Drill UI is working fine with local authentication.
> drill-override.conf file:
> {code}
> drill.exec: {
> cluster-id: "drillbits1",
> zk.connect: "host1.fqdn:2181,host2.fqdn:2181,host3.fqdn:2181",
> security: {
> user.auth.enabled: true,
> user.auth.impl: "pam",
> user.auth.pam_profiles: [ "sudo", "login" ],
> packages += "org.apache.drill.exec.rpc.user.security",
> auth.mechanisms: ["KERBEROS","PLAIN"],
> auth.principal: "drill/[email protected]",
> auth.keytab: "/opt/drill/.keytab/drill.keytab"
> }
> }
> {code}
> {code}
> cat drill-env.sh | egrep -v '^#|^$'
> export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pam/JPam-1.1/"
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
