Re: Solr Cloud Kerberos cookie rejected spnego

2019-06-24 Thread Rakesh Enjala 
Hi Team,

Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
below error

org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
error: No valid credentials provided (Mechanism level: No valid credentials
provided (Mechanism level: Server not found in Kerberos database (7)))
org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
[hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry: Illegal
domain attribute "". Domain of origin: "localhost"

enabled krb5 debug true and am able to find the actual problem is that
sname is HTTP/localh...@realm.com, it should be HTTP/@DOMAIN1.COM
 not the localhost

solr.in.sh

SOLR_AUTH_TYPE="kerberos"
SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
-Djava.security.auth.login.config=/solr/jaas.conf
-Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
-Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@
DOMAIN1.COM  -Dsolr.kerberos.keytab=/solr/HTTP.keytab"

Please help me out!
*Regards,*
*Rakesh Enjala*


On Sun, Jun 23, 2019 at 8:04 PM Rakesh Enjala 
wrote:

> Hi Team,
>
> Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
> below error
>
> org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
> error: No valid credentials provided (Mechanism level: No valid credentials
> provided (Mechanism level: Server not found in Kerberos database (7)))
> org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
> [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:
> Illegal domain attribute "". Domain of origin: "localhost"
>
> enabled krb5 debug true and am able to find the actual problem is that
> sname is HTTP/localh...@realm.com, it should be HTTP/@DOMAIN1.COM not the
> localhost
>
> solr.in.sh
>
> SOLR_AUTH_TYPE="kerberos"
> SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
> -Djava.security.auth.login.config=/solr/jaas.conf
> -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
> -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@
> DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab"
>
> Please help me out!
> *Regards,*
> *Rakesh Enjala*
>

Re: Solr Cloud Kerberos cookie rejected spnego

2019-06-23 Thread Kevin Risden 
I don't think a Kerberos ticket without the hostname makes sense. You
almost always need a valid hostname and DNS for Kerberos to work
successfully.

Kevin Risden


On Sun, Jun 23, 2019 at 10:54 AM Rakesh Enjala
 wrote:

> Hi Team,
>
> Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
> below error
>
> org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
> error: No valid credentials provided (Mechanism level: No valid credentials
> provided (Mechanism level: Server not found in Kerberos database (7)))
> org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
> [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:
> Illegal
> domain attribute "". Domain of origin: "localhost"
>
> enabled krb5 debug true and am able to find the actual problem is that
> sname is HTTP/localh...@realm.com, it should be HTTP/@DOMAIN1.COM not the
> localhost
>
> solr.in.sh
>
> SOLR_AUTH_TYPE="kerberos"
>
> SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
> -Djava.security.auth.login.config=/solr/jaas.conf
> -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
> -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@
> DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab"
>
> Please help me out!
> *Regards,*
> *Rakesh Enjala*
>

Solr Cloud Kerberos cookie rejected spnego

2019-06-23 Thread Rakesh Enjala 
Hi Team,

Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting
below error

org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication
error: No valid credentials provided (Mechanism level: No valid credentials
provided (Mechanism level: Server not found in Kerberos database (7)))
org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected
[hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry: Illegal
domain attribute "". Domain of origin: "localhost"

enabled krb5 debug true and am able to find the actual problem is that
sname is HTTP/localh...@realm.com, it should be HTTP/@DOMAIN1.COM not the
localhost

solr.in.sh

SOLR_AUTH_TYPE="kerberos"
SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin
-Djava.security.auth.login.config=/solr/jaas.conf
-Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain=
-Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@
DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab"

Please help me out!
*Regards,*
*Rakesh Enjala*