[jira] [Created] (FLINK-5579) Kerberos not working for Kafka connector using ticket cache

[Tzu-Li (Gordon) Tai (JIRA)]

Tzu-Li (Gordon) Tai created FLINK-5579:
------------------------------------------

             Summary: Kerberos not working for Kafka connector using ticket 
cache
                 Key: FLINK-5579
                 URL: https://issues.apache.org/jira/browse/FLINK-5579
             Project: Flink
          Issue Type: Bug
          Components: Security, YARN
            Reporter: Tzu-Li (Gordon) Tai
            Assignee: Tzu-Li (Gordon) Tai
            Priority: Critical


The Kerberos ticket cache doesn't seem to be picked up / sent to TaskManager 
containers when using the Kafka connector when deployed on YARN (when deployed 
using standalone, this works normally).

```
Caused by: org.apache.kafka.common.KafkaException: 
javax.security.auth.login.LoginException: Unable to obtain Princpal Name for 
authentication
        at 
org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:74)
        at 
org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:60)
        at 
org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:79)
        at 
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:271)
        ... 23 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain Princpal 
Name for authentication
        at 
com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:804)
        at 
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:675)
        at 
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:588)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
        at 
javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
        at org.apache.kafka.common.security.kerberos.Login.login(Login.java:298)
        at 
org.apache.kafka.common.security.kerberos.Login.<init>(Login.java:104)
        at 
org.apache.kafka.common.security.kerberos.LoginManager.<init>(LoginManager.java:44)
        at 
org.apache.kafka.common.security.kerberos.LoginManager.acquireLoginManager(LoginManager.java:85)
        at 
org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:55)
        ... 26 more
```



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)