It's always the way. Once you've put your config onto a public mailing
list, that's when you discover the glaring error.
I had simply missed a pair of quotes around the JVM_ARGS variable:
JVM_ARGS=-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.auth.login.config=conf/jaas_hive.conf
-Djava.security.krb5.conf=/etc/krb5.conf -Dsun.security.krb5.debug=true
-Djava.security.debug=gssloginconfig,configfile,configparser,logincontext
Once I replaced it with:
JVM_ARGS="-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.auth.login.config=conf/jaas_hive.conf
-Djava.security.krb5.conf=/etc/krb5.conf -Dsun.security.krb5.debug=true
-Djava.security.debug=gssloginconfig,configfile,configparser,logincontex"
... I immediately got the debug output that I was expecting and the Jaas
configuration was applied.
Now I have a different error about SASL negotiation to address.
2022-01-18 22:10:12,105 ERROR - [main:] ~ SASL negotiation failure
(TSaslTransport:315)
javax.security.sasl.SaslException: No common protection layer between
client and server
Kind regards to anyone reading this,
Ben
On 18/01/2022 15:51, Ben Tullis wrote:
Hello,
I wonder if you can help me please. I've set up a pre-production Atlas
server (I have tried 2.2 and I am currently on 3.0.0-SNAPSHOT) and I'm
attempting to import metadata from Hive with the import-hive.sh
script. Our Hive instance is Kerberized and whatever I do I cannot
seem to connect successfully.
--
*Ben Tullis*(he/him)
Senior Site Reliability Engineer
Wikimedia Foundation <https://wikimediafoundation.org/>
