[jira] [Commented] (HADOOP-14350) Relative path for Kerberos keytab is not working on IBM JDK
[ https://issues.apache.org/jira/browse/HADOOP-14350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16011660#comment-16011660 ] Wen Yuan Chen commented on HADOOP-14350: Actually we are running Spark job on yarn application. Spark will copy the keytab to its working directory and pass the relative path to the login method. We are not able to configure Spark to use absolute path. > Relative path for Kerberos keytab is not working on IBM JDK > --- > > Key: HADOOP-14350 > URL: https://issues.apache.org/jira/browse/HADOOP-14350 > Project: Hadoop Common > Issue Type: Bug > Components: common, security >Affects Versions: 2.7.3 > Environment: IBM JDK >Reporter: Wen Yuan Chen > > For the sample code below: > public class TestKrb { > public static void main(String[] args) throws IOException { > String user = args[0], path = args[1]; > UserGroupInformation ugi = > UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, path); > System.out.println("Login successfully"); > } > } > When I use IBM JDK and pass a relative path for the Kerberos keytab, it will > throw error messages. According to the debug log, it always tries to read > the keytab from the root path. See the debug logs below: > 2017-04-19 02:29:13,982 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginSuccess with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of successful > kerberos logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,990 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginFailure with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of failed kerberos > logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,991 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.getGroups with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[GetGroups], valueName=Time) > 2017-04-19 02:29:13,992 DEBUG > [org.apache.hadoop.metrics2.impl.MetricsSystemImpl] - UgiMetrics, User and > group related metrics > [KRB_DBG_CFG] Config:main: Java config file: > /opt/ibm/java/jre/lib/security/krb5.conf > [KRB_DBG_CFG] Config:main: Loaded from Java config > 2017-04-19 02:29:14,175 DEBUG [org.apache.hadoop.security.Groups] - Creating > new Groups object > 2017-04-19 02:29:14,178 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Trying to load the custom-built native-hadoop library... > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Failed to load native-hadoop with error: java.lang.UnsatisfiedLinkError: > hadoop (Not found in java.library.path) > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > java.library.path=/opt/ibm/java/jre/lib/amd64/compressedrefs:/opt/ibm/java/jre/lib/amd64:/usr/lib64:/usr/lib > 2017-04-19 02:29:14,179 WARN [org.apache.hadoop.util.NativeCodeLoader] - > Unable to load native-hadoop library for your platform... using builtin-java > classes where applicable > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Falling > back to shell based > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Group > mapping impl=org.apache.hadoop.security.ShellBasedUnixGroupsMapping > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.util.Shell] - setsid exited > with exit code 0 > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.security.Groups] - Group > mapping > impl=org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback; > cacheTimeout=30; warningDeltaMs=5000 > IBMJGSSProvider Build-Level: -20161128 > [JGSS_DBG_CRED] main JAAS config: principal=job/analytics > [JGSS_DBG_CRED] main JAAS config: credsType=initiate and accept > [JGSS_DBG_CRED] main config: useDefaultCcache=false > [JGSS_DBG_CRED] main config: useCcache=null > [JGSS_DBG_CRED] main config: useDefaultKeytab=false > [JGSS_DBG_CRED] main config: useKeytab=//job.keytab > [JGSS_DBG_CRED] main JAAS config: forwardable=false (default) > [JGSS_DBG_CRED] main JAAS config: renewable=false (default) > [JGSS_DBG_CRED] main JAAS config: proxiable=false (default) > [JGSS_DBG_CRED] main JAAS config: tryFirstPass=false
[jira] [Commented] (HADOOP-14350) Relative path for Kerberos keytab is not working on IBM JDK
[ https://issues.apache.org/jira/browse/HADOOP-14350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16000305#comment-16000305 ] Wen Yuan Chen commented on HADOOP-14350: Can anyone help on this issue? > Relative path for Kerberos keytab is not working on IBM JDK > --- > > Key: HADOOP-14350 > URL: https://issues.apache.org/jira/browse/HADOOP-14350 > Project: Hadoop Common > Issue Type: Bug > Components: common, security >Affects Versions: 2.7.3 >Reporter: Wen Yuan Chen > > For the sample code below: > public class TestKrb { > public static void main(String[] args) throws IOException { > String user = args[0], path = args[1]; > UserGroupInformation ugi = > UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, path); > System.out.println("Login successfully"); > } > } > When I use IBM JDK and pass a relative path for the Kerberos keytab, it will > throw error messages. According to the debug log, it always tries to read > the keytab from the root path. See the debug logs below: > 2017-04-19 02:29:13,982 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginSuccess with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of successful > kerberos logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,990 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginFailure with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of failed kerberos > logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,991 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.getGroups with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[GetGroups], valueName=Time) > 2017-04-19 02:29:13,992 DEBUG > [org.apache.hadoop.metrics2.impl.MetricsSystemImpl] - UgiMetrics, User and > group related metrics > [KRB_DBG_CFG] Config:main: Java config file: > /opt/ibm/java/jre/lib/security/krb5.conf > [KRB_DBG_CFG] Config:main: Loaded from Java config > 2017-04-19 02:29:14,175 DEBUG [org.apache.hadoop.security.Groups] - Creating > new Groups object > 2017-04-19 02:29:14,178 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Trying to load the custom-built native-hadoop library... > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Failed to load native-hadoop with error: java.lang.UnsatisfiedLinkError: > hadoop (Not found in java.library.path) > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > java.library.path=/opt/ibm/java/jre/lib/amd64/compressedrefs:/opt/ibm/java/jre/lib/amd64:/usr/lib64:/usr/lib > 2017-04-19 02:29:14,179 WARN [org.apache.hadoop.util.NativeCodeLoader] - > Unable to load native-hadoop library for your platform... using builtin-java > classes where applicable > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Falling > back to shell based > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Group > mapping impl=org.apache.hadoop.security.ShellBasedUnixGroupsMapping > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.util.Shell] - setsid exited > with exit code 0 > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.security.Groups] - Group > mapping > impl=org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback; > cacheTimeout=30; warningDeltaMs=5000 > IBMJGSSProvider Build-Level: -20161128 > [JGSS_DBG_CRED] main JAAS config: principal=job/analytics > [JGSS_DBG_CRED] main JAAS config: credsType=initiate and accept > [JGSS_DBG_CRED] main config: useDefaultCcache=false > [JGSS_DBG_CRED] main config: useCcache=null > [JGSS_DBG_CRED] main config: useDefaultKeytab=false > [JGSS_DBG_CRED] main config: useKeytab=//job.keytab > [JGSS_DBG_CRED] main JAAS config: forwardable=false (default) > [JGSS_DBG_CRED] main JAAS config: renewable=false (default) > [JGSS_DBG_CRED] main JAAS config: proxiable=false (default) > [JGSS_DBG_CRED] main JAAS config: tryFirstPass=false (default) > [JGSS_DBG_CRED] main JAAS config: useFirstPass=false (default) > [JGSS_DBG_CRED] main JAAS config: moduleBanner=false (default) > [JGSS_DBG_CRED] main JAAS config: interactive login? no >
[jira] [Commented] (HADOOP-14350) Relative path for Kerberos keytab is not working on IBM JDK
[ https://issues.apache.org/jira/browse/HADOOP-14350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15984142#comment-15984142 ] Wen Yuan Chen commented on HADOOP-14350: I try Hadoop 2.8, but also get the same error messages. > Relative path for Kerberos keytab is not working on IBM JDK > --- > > Key: HADOOP-14350 > URL: https://issues.apache.org/jira/browse/HADOOP-14350 > Project: Hadoop Common > Issue Type: Bug > Components: common, security >Affects Versions: 2.7.3 >Reporter: Wen Yuan Chen > > For the sample code below: > public class TestKrb { > public static void main(String[] args) throws IOException { > String user = args[0], path = args[1]; > UserGroupInformation ugi = > UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, path); > System.out.println("Login successfully"); > } > } > When I use IBM JDK and pass a relative path for the Kerberos keytab, it will > throw error messages. According to the debug log, it always tries to read > the keytab from the root path. See the debug logs below: > 2017-04-19 02:29:13,982 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginSuccess with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of successful > kerberos logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,990 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginFailure with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of failed kerberos > logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,991 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.getGroups with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[GetGroups], valueName=Time) > 2017-04-19 02:29:13,992 DEBUG > [org.apache.hadoop.metrics2.impl.MetricsSystemImpl] - UgiMetrics, User and > group related metrics > [KRB_DBG_CFG] Config:main: Java config file: > /opt/ibm/java/jre/lib/security/krb5.conf > [KRB_DBG_CFG] Config:main: Loaded from Java config > 2017-04-19 02:29:14,175 DEBUG [org.apache.hadoop.security.Groups] - Creating > new Groups object > 2017-04-19 02:29:14,178 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Trying to load the custom-built native-hadoop library... > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Failed to load native-hadoop with error: java.lang.UnsatisfiedLinkError: > hadoop (Not found in java.library.path) > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > java.library.path=/opt/ibm/java/jre/lib/amd64/compressedrefs:/opt/ibm/java/jre/lib/amd64:/usr/lib64:/usr/lib > 2017-04-19 02:29:14,179 WARN [org.apache.hadoop.util.NativeCodeLoader] - > Unable to load native-hadoop library for your platform... using builtin-java > classes where applicable > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Falling > back to shell based > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Group > mapping impl=org.apache.hadoop.security.ShellBasedUnixGroupsMapping > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.util.Shell] - setsid exited > with exit code 0 > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.security.Groups] - Group > mapping > impl=org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback; > cacheTimeout=30; warningDeltaMs=5000 > IBMJGSSProvider Build-Level: -20161128 > [JGSS_DBG_CRED] main JAAS config: principal=job/analytics > [JGSS_DBG_CRED] main JAAS config: credsType=initiate and accept > [JGSS_DBG_CRED] main config: useDefaultCcache=false > [JGSS_DBG_CRED] main config: useCcache=null > [JGSS_DBG_CRED] main config: useDefaultKeytab=false > [JGSS_DBG_CRED] main config: useKeytab=//job.keytab > [JGSS_DBG_CRED] main JAAS config: forwardable=false (default) > [JGSS_DBG_CRED] main JAAS config: renewable=false (default) > [JGSS_DBG_CRED] main JAAS config: proxiable=false (default) > [JGSS_DBG_CRED] main JAAS config: tryFirstPass=false (default) > [JGSS_DBG_CRED] main JAAS config: useFirstPass=false (default) > [JGSS_DBG_CRED] main JAAS config: moduleBanner=false (default) > [JGSS_DBG_CRED] main JAAS config: interactive
[jira] [Commented] (HADOOP-14350) Relative path for Kerberos keytab is not working on IBM JDK
[ https://issues.apache.org/jira/browse/HADOOP-14350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15982317#comment-15982317 ] Wen Yuan Chen commented on HADOOP-14350: java version "1.8.0" Java(TM) SE Runtime Environment (build pxa6480sr4fp1-20170215_01(SR4 FP1)) IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170209_336038 (JIT enabled, AOT enabled) J9VM - R28_20170209_0201_B336038 JIT - tr.r14.java.green_20170125_131456 GC - R28_20170209_0201_B336038_CMPRSS J9CL - 20170209_336038) JCL - 20170215_01 based on Oracle jdk8u121-b13 > Relative path for Kerberos keytab is not working on IBM JDK > --- > > Key: HADOOP-14350 > URL: https://issues.apache.org/jira/browse/HADOOP-14350 > Project: Hadoop Common > Issue Type: Bug > Components: common, security >Affects Versions: 2.7.3 >Reporter: Wen Yuan Chen >Priority: Blocker > > For the sample code below: > public class TestKrb { > public static void main(String[] args) throws IOException { > String user = args[0], path = args[1]; > UserGroupInformation ugi = > UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, path); > System.out.println("Login successfully"); > } > } > When I use IBM JDK and pass a relative path for the Kerberos keytab, it will > throw error messages. According to the debug log, it always tries to read > the keytab from the root path. See the debug logs below: > 2017-04-19 02:29:13,982 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginSuccess with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of successful > kerberos logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,990 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginFailure with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[Rate of failed kerberos > logins and latency (milliseconds)], valueName=Time) > 2017-04-19 02:29:13,991 DEBUG > [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field > org.apache.hadoop.metrics2.lib.MutableRate > org.apache.hadoop.security.UserGroupInformation$UgiMetrics.getGroups with > annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, > sampleName=Ops, always=false, type=DEFAULT, value=[GetGroups], valueName=Time) > 2017-04-19 02:29:13,992 DEBUG > [org.apache.hadoop.metrics2.impl.MetricsSystemImpl] - UgiMetrics, User and > group related metrics > [KRB_DBG_CFG] Config:main: Java config file: > /opt/ibm/java/jre/lib/security/krb5.conf > [KRB_DBG_CFG] Config:main: Loaded from Java config > 2017-04-19 02:29:14,175 DEBUG [org.apache.hadoop.security.Groups] - Creating > new Groups object > 2017-04-19 02:29:14,178 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Trying to load the custom-built native-hadoop library... > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > Failed to load native-hadoop with error: java.lang.UnsatisfiedLinkError: > hadoop (Not found in java.library.path) > 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - > java.library.path=/opt/ibm/java/jre/lib/amd64/compressedrefs:/opt/ibm/java/jre/lib/amd64:/usr/lib64:/usr/lib > 2017-04-19 02:29:14,179 WARN [org.apache.hadoop.util.NativeCodeLoader] - > Unable to load native-hadoop library for your platform... using builtin-java > classes where applicable > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Falling > back to shell based > 2017-04-19 02:29:14,180 DEBUG > [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Group > mapping impl=org.apache.hadoop.security.ShellBasedUnixGroupsMapping > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.util.Shell] - setsid exited > with exit code 0 > 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.security.Groups] - Group > mapping > impl=org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback; > cacheTimeout=30; warningDeltaMs=5000 > IBMJGSSProvider Build-Level: -20161128 > [JGSS_DBG_CRED] main JAAS config: principal=job/analytics > [JGSS_DBG_CRED] main JAAS config: credsType=initiate and accept > [JGSS_DBG_CRED] main config: useDefaultCcache=false > [JGSS_DBG_CRED] main config: useCcache=null > [JGSS_DBG_CRED] main config: useDefaultKeytab=false > [JGSS_DBG_CRED] main config: useKeytab=//job.keytab > [JGSS_DBG_CRED] main JAAS config: forwardable=false (default) >
[jira] [Created] (HADOOP-14350) Relative path for Kerberos keytab is not working on IBM JDK
Wen Yuan Chen created HADOOP-14350: -- Summary: Relative path for Kerberos keytab is not working on IBM JDK Key: HADOOP-14350 URL: https://issues.apache.org/jira/browse/HADOOP-14350 Project: Hadoop Common Issue Type: Bug Components: common, security Affects Versions: 2.7.3 Reporter: Wen Yuan Chen Priority: Blocker For the sample code below: public class TestKrb { public static void main(String[] args) throws IOException { String user = args[0], path = args[1]; UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, path); System.out.println("Login successfully"); } } When I use IBM JDK and pass a relative path for the Kerberos keytab, it will throw error messages. According to the debug log, it always tries to read the keytab from the root path. See the debug logs below: 2017-04-19 02:29:13,982 DEBUG [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginSuccess with annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, sampleName=Ops, always=false, type=DEFAULT, value=[Rate of successful kerberos logins and latency (milliseconds)], valueName=Time) 2017-04-19 02:29:13,990 DEBUG [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginFailure with annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, sampleName=Ops, always=false, type=DEFAULT, value=[Rate of failed kerberos logins and latency (milliseconds)], valueName=Time) 2017-04-19 02:29:13,991 DEBUG [org.apache.hadoop.metrics2.lib.MutableMetricsFactory] - field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.getGroups with annotation @org.apache.hadoop.metrics2.annotation.Metric(about=, sampleName=Ops, always=false, type=DEFAULT, value=[GetGroups], valueName=Time) 2017-04-19 02:29:13,992 DEBUG [org.apache.hadoop.metrics2.impl.MetricsSystemImpl] - UgiMetrics, User and group related metrics [KRB_DBG_CFG] Config:main: Java config file: /opt/ibm/java/jre/lib/security/krb5.conf [KRB_DBG_CFG] Config:main: Loaded from Java config 2017-04-19 02:29:14,175 DEBUG [org.apache.hadoop.security.Groups] - Creating new Groups object 2017-04-19 02:29:14,178 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - Trying to load the custom-built native-hadoop library... 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - Failed to load native-hadoop with error: java.lang.UnsatisfiedLinkError: hadoop (Not found in java.library.path) 2017-04-19 02:29:14,179 DEBUG [org.apache.hadoop.util.NativeCodeLoader] - java.library.path=/opt/ibm/java/jre/lib/amd64/compressedrefs:/opt/ibm/java/jre/lib/amd64:/usr/lib64:/usr/lib 2017-04-19 02:29:14,179 WARN [org.apache.hadoop.util.NativeCodeLoader] - Unable to load native-hadoop library for your platform... using builtin-java classes where applicable 2017-04-19 02:29:14,180 DEBUG [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Falling back to shell based 2017-04-19 02:29:14,180 DEBUG [org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback] - Group mapping impl=org.apache.hadoop.security.ShellBasedUnixGroupsMapping 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.util.Shell] - setsid exited with exit code 0 2017-04-19 02:29:14,334 DEBUG [org.apache.hadoop.security.Groups] - Group mapping impl=org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback; cacheTimeout=30; warningDeltaMs=5000 IBMJGSSProvider Build-Level: -20161128 [JGSS_DBG_CRED] main JAAS config: principal=job/analytics [JGSS_DBG_CRED] main JAAS config: credsType=initiate and accept [JGSS_DBG_CRED] main config: useDefaultCcache=false [JGSS_DBG_CRED] main config: useCcache=null [JGSS_DBG_CRED] main config: useDefaultKeytab=false [JGSS_DBG_CRED] main config: useKeytab=//job.keytab [JGSS_DBG_CRED] main JAAS config: forwardable=false (default) [JGSS_DBG_CRED] main JAAS config: renewable=false (default) [JGSS_DBG_CRED] main JAAS config: proxiable=false (default) [JGSS_DBG_CRED] main JAAS config: tryFirstPass=false (default) [JGSS_DBG_CRED] main JAAS config: useFirstPass=false (default) [JGSS_DBG_CRED] main JAAS config: moduleBanner=false (default) [JGSS_DBG_CRED] main JAAS config: interactive login? no [JGSS_DBG_CRED] main JAAS config: refreshKrb5Config = true [KRB_DBG_CFG] Config:main: Java config file: /opt/ibm/java/jre/lib/security/krb5.conf [KRB_DBG_CFG] Config:main: Loaded from Java config [KRB_DBG_KDC] KdcComm:main: >>> KdcAccessibility: reset [KRB_DBG_KDC] KdcComm:main: >>> KdcAccessibility: reset [JGSS_DBG_CRED] main Try keytab for principal=job/analytics
[jira] [Commented] (HADOOP-9969) TGT expiration doesn't trigger Kerberos relogin
[ https://issues.apache.org/jira/browse/HADOOP-9969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15871297#comment-15871297 ] Wen Yuan Chen commented on HADOOP-9969: --- Any update on this issue? I meet the same issue on Hadoop 2.7.3 with IBM JDK 1.8 > TGT expiration doesn't trigger Kerberos relogin > --- > > Key: HADOOP-9969 > URL: https://issues.apache.org/jira/browse/HADOOP-9969 > Project: Hadoop Common > Issue Type: Bug > Components: ipc, security >Affects Versions: 2.1.0-beta, 2.5.0, 2.5.2, 2.6.0, 2.6.1, 2.8.0, 2.7.1, > 2.6.2, 2.6.3 > Environment: IBM JDK7 >Reporter: Yu Gao > Attachments: HADOOP-9969.patch, JobTracker.log > > > In HADOOP-9698 & HADOOP-9850, RPC client and Sasl client have been changed to > respect the auth method advertised from server, instead of blindly attempting > the configured one at client side. However, when TGT has expired, an > exception will be thrown from SaslRpcClient#createSaslClient(SaslAuth > authType), and at this time the authMethod still holds the initial value > which is SIMPLE and never has a chance to be updated with the expected one > requested by server, so kerberos relogin will not happen. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org