Does your java app has JCE installed with unlimited encryption strength? -Mikhail
On Wed, Feb 11, 2015 at 4:52 PM, Jiten Gore <[email protected]> wrote: > Hi Dima, > > Thanks for the prompt response. > > Here's what we are doing and the error we are seeing: > > Code: > System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); > final Configuration hBaseConfig = HBaseConfiguration.create(); > hBaseConfig.setInt("timeout", 120000); > hBaseConfig.set("hbase.zookeeper.quorum", "*************"); > hBaseConfig.set("hbase.zookeeper.property.clientPort", "2181"); > hBaseConfig.set("hadoop.security.authentication", "kerberos"); > hBaseConfig.set("hbase.security.authentication", "kerberos"); > hBaseConfig.set("hbase.master.kerberos.principal", "*****************"); > hBaseConfig.set("hbase.regionserver.kerberos.principal", > "*******************"); > hBaseConfig.set("hbase.master.keytab.file", "hbase.keytab"); > hBaseConfig.set("hbase.regionserver.keytab.file", "hbase.keytab"); > UserGroupInformation.setConfiguration(hBaseConfig); > > UserGroupInformation ugi = > UserGroupInformation.loginUserFromKeytabAndReturnUGI("principle_name", > "user.keytab"); > > > > Error: > > Exception in thread "main" java.io.IOException: Login failure for > <PRINCIPAL_NAME> from keytab > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1008) > at Kerberos.KerberosAuthentication.App.hbase(App.java:32) > at Kerberos.KerberosAuthentication.App.main(App.java:15) > Caused by: javax.security.auth.login.LoginException: null (68) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:763) > at > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) > at javax.security.auth.login.LoginContext.login(LoginContext.java:595) > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:997) > ... 2 more > Caused by: KrbException: null (68) > at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76) > at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319) > at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:364) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:735) > ... 15 more > Caused by: KrbException: Identifier doesn't match expected value (906) > at sun.security.krb5.internal.KDCRep.init(KDCRep.java:143) > at sun.security.krb5.internal.ASRep.init(ASRep.java:65) > at sun.security.krb5.internal.ASRep.<init>(ASRep.java:60) > at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60) > Sent from my iPhone > >> On Feb 11, 2015, at 10:56 AM, Dima Spivak <[email protected]> wrote: >> >> Hey Jiten, >> >> Have you followed the steps outlined in >> http://hbase.apache.org/book.html#hbase.secure.configuration ? What issues >> are you seeing? >> >> -Dima >> >>> On Wed, Feb 11, 2015 at 12:49 PM, Jiten Gore <[email protected]> wrote: >>> >>> We are having difficulties connecting with our Java application to our >>> Kerberized HBase cluster. We are using a keytab file to authenticate. >>> >>> Has anyone successfully connected this way? If you have and can help, >>> please let me know. I can share details about the issue. >>> >>> Best Regards, >>> Jiten >>> >>> Sent from my iPhone -- Thanks, Michael Antonov
