Also, setting -Dsun.security.krb5.debug=true when you launch your Java
application will give you lots of very helpful information about what is
happening "under the hood".
Sanooj Padmakumar wrote:
Thanks Josh and everyone else .. Shall try this suggestion
On 22 Mar 2016 09:36, "Josh Elser" ma
Thanks Josh and everyone else .. Shall try this suggestion
On 22 Mar 2016 09:36, "Josh Elser" wrote:
> Keytab-based logins do not automatically spawn a renewal thread in
> Hadoop's UserGroupInformation library, IIRC. HBase's RPC implementation
> does try to automatically re-login, but if you are
Keytab-based logins do not automatically spawn a renewal thread in
Hadoop's UserGroupInformation library, IIRC. HBase's RPC implementation
does try to automatically re-login, but if you are not actively making
RPCs, you may miss the window in which you are allowed to perform a renewal.
Commonl
This is the error in the log when it fails
ERROR org.apache.hadoop.security.UserGroupInformation -
PriviledgedActionException as: (auth:KERBEROS)
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any
Where do you see this error? Is it the client side? Ideally you don't
need to renew ticket since Phoenix Driver gets the required
information (principal name and keytab path) from jdbc connection
string and performs User.login itself.
Thanks,
Sergey
On Wed, Mar 16, 2016 at 11:02 AM, Sanooj Padmak
Hi Anil
Thanks for your reply.
We do not do anything explicitly in the code to do the ticket renwal , what
we do is run a cron job for the user for which the ticket has to be
renewed. But with this approach we need a restart to get the thing going
after the ticket expiry
We use the following co
Hi,
At my previous job, we had web-services fetching data from a secure hbase
cluster. We never needed to renew the lease by restarting webserver. Our
app used to renew the ticket. I think, Phoenix/HBase already handles
renewing ticket. Maybe you need to look into your kerberos environment
setting
Hi
We have a rest style micro service application fetching data from hbase
using Phoenix. The cluster is kerberos secured and we run a cron to renew
the kerberos ticket on the machine where the micro service is deployed.
But it always needs a restart of micro service java process to get the
kerbe