zzzzming95 created SPARK-45041:
----------------------------------

             Summary: spark using --proxy-user GSS init failed when `hive.metastore.token.signature` not empty
                 Key: SPARK-45041
                 URL: https://issues.apache.org/jira/browse/SPARK-45041
             Project: Spark
          Issue Type: Bug
          Components: SQL
    Affects Versions: 3.4.0
            Reporter: zzzzming95


In Spark, we can use --proxy-user to proxy another user in a Kerberos environment. 
But we get a GSS init failed exception when connecting to the Hive metastore and 
`hive.metastore.token.signature` is not empty.
{code:java}
```
spark-sql --conf spark.driver.extraClassPath=/home/hive/conf --proxy-user test_user
```{code}

If we set this conf in `hive-site.xml`:
{code:java}
```
    <property>
       <name>hive.metastore.token.signature</name>
       <value>spark_delegation_token</value>
    </property>
```{code}
we will get:
{code:java}
```
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
    at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
    at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:95)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
    at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:38)
    at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
    at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1742)
    at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
    at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:478)
    at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:245)
```{code}


