Hi Eugene Thanks for replying. Yes, the list given by ktutil is empty. But when I execute the principals.sh, it does not give any error on adding the principals. I have edited principals.sh to even add passwords with the addprinc command.
I just have a pseudo-distributed Hadoop 1.0.3 setup. So not sure if the instructions in the other link you gave will be useful or not. I am using principals.sh from this link < https://github.com/ekoontz/kerb-setup/blob/master/principals.sh> I also edited KADMIN_LOCAL to remove the sudo and have changed permissions appropriately to run kadmin.local as normal user. The reason for doing this was the principals get added with root/admin authentication otherwise. Also, the call to kinit and kinit -R (to renew tickets) need the $NORMAL_USER@$REALM; else it does not grant ticket. Regards, Prajakta On Mon, Oct 29, 2012 at 4:28 PM, Eugene Koontz <[email protected]> wrote: > On 10/29/12 6:29 PM, Prajakta Kalmegh wrote: > > Hi > > I am trying to configure Hadoop with Kerberos for running Giraph as > gives in < > https://cwiki.apache.org/confluence/display/GIRAPH/Quick+Start+-+Running+Giraph+with+Secure+Hadoop > > > > I am using Ubuntu 12.04 and installed krb5-kdc and krb5-admin-server. > Had to change principals.sh to use "kinit $NORMAL_USER@$REALM" for the > ticket granting to work. I also added the passwords for all services in > the addprinc commands. When I try to start my Hadoop 1.0.3 namenode, it > gives me the following connection refused error. > > > Hi Prajakta, > At some point, I need to go through that page and ensure make sure > everything works as expected. > You might also look at: > https://github.com/ekoontz/hadoop-conf/blob/master/README > > From your output below, it looks like the keytab does not have credentials > for the principal 'hdfs/[email protected]'. > > > Can you try: > > ktutil -k /home/saplabs/kerb-setup/services.keytab l > > (last character is a lowercase 'L') > > -Eugene > > --------------- > > 12/10/29 15:23:31 INFO namenode.NameNode: STARTUP_MSG: > /************************************************************ > STARTUP_MSG: Starting NameNode > STARTUP_MSG: host = sap-OptiPlex-755/127.0.1.1 > STARTUP_MSG: args = [] > STARTUP_MSG: version = 1.0.3 > STARTUP_MSG: build = > https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.0 -r > 1335192; compiled by 'hortonfo' on Tue May 8 20:31:25 UTC 2012 > ************************************************************/ > 12/10/29 15:23:31 INFO impl.MetricsConfig: loaded properties from > hadoop-metrics2.properties > 12/10/29 15:23:31 INFO impl.MetricsSourceAdapter: MBean for source > MetricsSystem,sub=Stats registered. > 12/10/29 15:23:31 INFO impl.MetricsSystemImpl: Scheduled snapshot period > at 10 second(s). > 12/10/29 15:23:31 INFO impl.MetricsSystemImpl: NameNode metrics system > started > 12/10/29 15:23:31 INFO impl.MetricsSourceAdapter: MBean for source ugi > registered. > 12/10/29 15:23:32 ERROR namenode.NameNode: java.io.IOException: Login > failure for hdfs/[email protected] from keytab > /home/saplabs/kerb-setup/services.keytab > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:630) > at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:298) > at > org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:264) > at > org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:496) > at > org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1279) > at > org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1288) > Caused by: javax.security.auth.login.LoginException: Connection refused > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:700) > at > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703) > at javax.security.auth.login.LoginContext.login(LoginContext.java:575) > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:621) > ... 5 more > Caused by: java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) > at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) > at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) > at java.net.Socket.connect(Socket.java:529) > at sun.security.krb5.internal.TCPClient.<init>(TCPClient.java:46) > at sun.security.krb5.KrbKdcReq$KdcCommunication.run(KrbKdcReq.java:343) > at java.security.AccessController.doPrivileged(Native Method) > at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:296) > at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:202) > at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:175) > at sun.security.krb5.KrbAsReq.send(KrbAsReq.java:431) > at sun.security.krb5.Credentials.sendASRequest(Credentials.java:400) > at sun.security.krb5.Credentials.acquireTGT(Credentials.java:350) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672) > ------------------------------------------------ > > > Any idea what could be going wrong here? > > Regards, > Prajakta > > > >
