Hello Prakash, Metron REST (or any Hadoop service for that matter) should not use HTTPS/<host-fqdn>@<REALM> principal. If it is using this (as seen in your logs), most probably that is due to httpclient v4.5.2 library being used by Metron REST. This was a known issue and we have seen in past with Knox etc. [Reference: https://issues.apache.org/jira/browse/KNOX-762 ] As a workaround/fix, please see if you can downgrade httpclient library to v4.5.1.
Thanks, VR On Wed, Jan 3, 2018 at 3:54 PM, prakash r <[email protected]> wrote: > Hi, > > > HCP : 1.3.0 / Metron : 0.4.1.1 > > HDP : 2.5.0 > > > Kerberos Authentication enabled for Hadoop cluster. > > When Metron Rest trying to connect to Storm, error is thrown as no Server > not found in Kerberos database (7) - LOOKING_UP_SERVER > > >>>KRBError: cTime is Thu Oct 28 12:56:54 AEST 1971 57466614000 sTime is > Wed Jan 03 22:57:12 AEDT 2018 1514980632000 suSec is 418131 error code is 7 > error Message is Server not found in Kerberos database cname is > [email protected] sname is > *HTTPS/[email protected] > <HTTPS/[email protected]> *msgType is 30 > KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER > at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at > sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251) at > sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262) at > sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) > at > sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) > at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) > at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693) > at sun.security.jgss.GSSContextImpl.initSecContext( > GSSContextImpl.java:248) > > In KDC there is no principal with HTTPS/cbro-test-ms5. > [email protected] > > We can see only > *HTTP/[email protected] > <HTTP/[email protected]>* > > If we add manually principal (HTTPS/cbro-test-ms5.networks. > [email protected]) using kadmin in kerberos server, getting error > as checksum failed > > Jan 03, 2018 10:32:20 PM org.apache.catalina.core.StandardWrapperValve > invoke SEVERE: Servlet.service() for servlet [dispatcherServlet] in context > with path [] threw exception [Request processing failed; nested exception > is org.springframework.web.client.RestClientException: Error running rest > call; nested exception is > org.springframework.web.client.HttpClientErrorException: > 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: > Checksum failed)] with root cause > org.springframework.web.client.HttpClientErrorException: > 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: > Checksum failed) at org.springframework.web.client. > DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) > at org.springframework.web.client.RestTemplate. > handleResponse(RestTemplate.java:667) at org.springframework.web. > client.RestTemplate.doExecute(RestTemplate.java:620) > > Please suggest how to resolve this issue, thanks > > > Regards, > Prakash R > -- -Rathor
