Alexandre Linte created HIVE-15052:
--------------------------------------
Summary: Webhcat can't handle "_HOST" in
templeton.kerberos.principal
Key: HIVE-15052
URL: https://issues.apache.org/jira/browse/HIVE-15052
Project: Hive
Issue Type: Bug
Components: WebHCat
Affects Versions: 2.1.0
Environment: Hive 2.1.0, Hadoop 2.7.2
Reporter: Alexandre Linte
WebHCat fails to start when the property "templeton.kerberos.principal" doesn't
contain the FQDN. The following will create an error
{noformat}
<property>
<name>templeton.kerberos.principal</name>
<value>webhcat/_HOST@SANDBOX.HADOOP</value>
<description>The Kerberos principal to used by the server. As
stated by the Kerberos SPNEGO specification, it should be
USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
</property>
{noformat}
The following will work:
{noformat}
<property>
<name>templeton.kerberos.principal</name>
<value>webhcat/webhcat.bigdata.fr@SANDBOX.HADOOP</value>
<description>The Kerberos principal to used by the server. As
stated by the Kerberos SPNEGO specification, it should be
USER/${HOSTNAME}@{REALM}. It does not have a default value.</description>
</property>
{noformat}
The error produced when _HOST is used is:
{noformat}
Oct 25 10:35:03 webhcat.bigdata.fr webhcat ERROR -
org.apache.hive.hcatalog.templeton.MainServer failed to start:
java.io.IOException: Login failure for webhcat/_HOST@SANDBOX.HADOOP from keytab
/opt/application/Hive/current/hcatalog/keytabs/webhcat.keytab:
javax.security.auth.login.LoginException: Unable to obtain password from user
at
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
~[hadoop-common-2.7.2.jar:?]
at org.apache.hive.hcatalog.templeton.Main.runServer(Main.java:169)
~[hive-webhcat-2.1.0.jar:2.1.0]
at org.apache.hive.hcatalog.templeton.Main.run(Main.java:123)
[hive-webhcat-2.1.0.jar:2.1.0]
at org.apache.hive.hcatalog.templeton.Main.main(Main.java:306)
[hive-webhcat-2.1.0.jar:2.1.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_101]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_101]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_101]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
at org.apache.hadoop.util.RunJar.run(RunJar.java:221)
[hadoop-common-2.7.2.jar:?]
at org.apache.hadoop.util.RunJar.main(RunJar.java:136)
[hadoop-common-2.7.2.jar:?]
Caused by: javax.security.auth.login.LoginException: Unable to obtain password
from user
at
com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856)
~[?:1.7.0_101]
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719)
~[?:1.7.0_101]
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
~[?:1.7.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_101]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_101]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_101]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
~[?:1.7.0_101]
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
~[?:1.7.0_101]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
~[?:1.7.0_101]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
~[?:1.7.0_101]
at java.security.AccessController.doPrivileged(Native Method)
~[?:1.7.0_101]
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
~[?:1.7.0_101]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
~[?:1.7.0_101]
at
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
~[hadoop-common-2.7.2.jar:?]
... 9 more
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
