[
https://issues.apache.org/jira/browse/HIVE-28042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17812191#comment-17812191
]
Vikram Ahuja commented on HIVE-28042:
-------------------------------------
The tokenStore has zookeeper, DB and memory based implementations. We are using
Zookeeper based implementation in our scenarios. However this issue is
regardless of the implementations as TokenStore's implementation(zookeeper, DB
and memory). The expiry thread that is removing token is also removing tokens
post renewal date irrespective of tokenStore Implementation. The issue will
exist will all implementations of tokenStores.
> DigestMD5 token expired or does not exist error while opening a new
> connection to HMS
> -------------------------------------------------------------------------------------
>
> Key: HIVE-28042
> URL: https://issues.apache.org/jira/browse/HIVE-28042
> Project: Hive
> Issue Type: Bug
> Reporter: Vikram Ahuja
> Assignee: Vikram Ahuja
> Priority: Major
>
> Hello,
> In our deployment we are facing the following exception in the HMS logs when
> a HMS connection is opened from the HS2 in cases where a session is open for
> a long time leading to query failures:
> {code:java}
> 2024-01-24T02:11:21,324 ERROR [TThreadPoolServer WorkerProcess-760394]:
> transport.TSaslTransport (TSaslTransport.java:open) - SASL negotiation
> failurejavax.security.sasl.SaslException: DIGEST-MD5: IO error acquiring
> password
> at
> com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java)
>
> at
> com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java)
>
> at
> org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java)
> at
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java)
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java)
>
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java)
>
> at
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java)
>
> at
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java)
>
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.javA)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java)
>
> at
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java)
>
> at
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java)
>
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java)
>
> at java.lang.Thread.run(Thread.java)Caused by:
> org.apache.hadoop.security.token.SecretManager$InvalidToken: token expired or
> does not exist: HIVE_DELEGATION_TOKEN owner=***, renewer=***,
> realUser=*****************, issueDate=1705973286139, maxDate=1706578086139,
> sequenceNumber=3294063, masterKeyId=7601
> at
> org.apache.hadoop.hive.metastore.security.TokenStoreDelegationTokenSecretManager.retrievePassword(TokenStoreDelegationTokenSecretManager.java)
>
> at
> org.apache.hadoop.hive.metastore.security.TokenStoreDelegationTokenSecretManager.retrievePassword(TokenStoreDelegationTokenSecretManager.java)
>
> at
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$SaslDigestCallbackHandler.getPassword(HadoopThriftAuthBridge.java)
>
> at
> org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$SaslDigestCallbackHandler.handle(HadoopThriftAuthBridge.java)
>
> at
> com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java)
> ... 15 more {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
