Alexandre Linte created HIVE-15052: -------------------------------------- Summary: Webhcat can't handle "_HOST" in templeton.kerberos.principal Key: HIVE-15052 URL: https://issues.apache.org/jira/browse/HIVE-15052 Project: Hive Issue Type: Bug Components: WebHCat Affects Versions: 2.1.0 Environment: Hive 2.1.0, Hadoop 2.7.2 Reporter: Alexandre Linte
WebHCat fails to start when the property "templeton.kerberos.principal" doesn't contain the FQDN. The following will create an error {noformat} <property> <name>templeton.kerberos.principal</name> <value>webhcat/_HOST@SANDBOX.HADOOP</value> <description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description> </property> {noformat} The following will work: {noformat} <property> <name>templeton.kerberos.principal</name> <value>webhcat/webhcat.bigdata.fr@SANDBOX.HADOOP</value> <description>The Kerberos principal to used by the server. As stated by the Kerberos SPNEGO specification, it should be USER/${HOSTNAME}@{REALM}. It does not have a default value.</description> </property> {noformat} The error produced when _HOST is used is: {noformat} Oct 25 10:35:03 webhcat.bigdata.fr webhcat ERROR - org.apache.hive.hcatalog.templeton.MainServer failed to start: java.io.IOException: Login failure for webhcat/_HOST@SANDBOX.HADOOP from keytab /opt/application/Hive/current/hcatalog/keytabs/webhcat.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962) ~[hadoop-common-2.7.2.jar:?] at org.apache.hive.hcatalog.templeton.Main.runServer(Main.java:169) ~[hive-webhcat-2.1.0.jar:2.1.0] at org.apache.hive.hcatalog.templeton.Main.run(Main.java:123) [hive-webhcat-2.1.0.jar:2.1.0] at org.apache.hive.hcatalog.templeton.Main.main(Main.java:306) [hive-webhcat-2.1.0.jar:2.1.0] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101] at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101] at org.apache.hadoop.util.RunJar.run(RunJar.java:221) [hadoop-common-2.7.2.jar:?] at org.apache.hadoop.util.RunJar.main(RunJar.java:136) [hadoop-common-2.7.2.jar:?] Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856) ~[?:1.7.0_101] at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719) ~[?:1.7.0_101] at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) ~[?:1.7.0_101] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_101] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_101] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_101] at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) ~[?:1.7.0_101] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) ~[?:1.7.0_101] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) ~[?:1.7.0_101] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) ~[?:1.7.0_101] at java.security.AccessController.doPrivileged(Native Method) ~[?:1.7.0_101] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) ~[?:1.7.0_101] at javax.security.auth.login.LoginContext.login(LoginContext.java:595) ~[?:1.7.0_101] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953) ~[hadoop-common-2.7.2.jar:?] ... 9 more {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)