Thanks alot Vipin for quick response, let me try this option Regards, Prakash R
On Thu, Jan 4, 2018 at 11:14 AM, Vipin Rathor <[email protected]> wrote: > Hello Prakash, > > Metron REST (or any Hadoop service for that matter) should not use > HTTPS/<host-fqdn>@<REALM> principal. If it is using this (as seen in your > logs), most probably that is due to httpclient v4.5.2 library being used by > Metron REST. This was a known issue and we have seen in past with Knox etc. > [Reference: https://issues.apache.org/jira/browse/KNOX-762 ] > As a workaround/fix, please see if you can downgrade httpclient library to > v4.5.1. > > Thanks, > VR > > On Wed, Jan 3, 2018 at 3:54 PM, prakash r <[email protected]> wrote: > >> Hi, >> >> >> HCP : 1.3.0 / Metron : 0.4.1.1 >> >> HDP : 2.5.0 >> >> >> Kerberos Authentication enabled for Hadoop cluster. >> >> When Metron Rest trying to connect to Storm, error is thrown as no Server >> not found in Kerberos database (7) - LOOKING_UP_SERVER >> >> >>>KRBError: cTime is Thu Oct 28 12:56:54 AEST 1971 57466614000 sTime is >> Wed Jan 03 22:57:12 AEDT 2018 1514980632000 suSec is 418131 error code is 7 >> error Message is Server not found in Kerberos database cname is >> [email protected] sname is >> *HTTPS/[email protected] >> <HTTPS/[email protected]> *msgType is 30 >> KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER >> at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at >> sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251) at >> sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262) at >> sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) >> at >> sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) >> at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) >> at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693) >> at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextIm >> pl.java:248) >> >> In KDC there is no principal with HTTPS/cbro-test-ms5.netwo >> [email protected] >> >> We can see only >> *HTTP/[email protected] >> <HTTP/[email protected]>* >> >> If we add manually principal (HTTPS/cbro-test-ms5.networks. >> [email protected]) using kadmin in kerberos server, getting >> error as checksum failed >> >> Jan 03, 2018 10:32:20 PM org.apache.catalina.core.StandardWrapperValve >> invoke SEVERE: Servlet.service() for servlet [dispatcherServlet] in context >> with path [] threw exception [Request processing failed; nested exception >> is org.springframework.web.client.RestClientException: Error running >> rest call; nested exception is >> org.springframework.web.client.HttpClientErrorException: >> 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: >> Checksum failed)] with root cause >> org.springframework.web.client.HttpClientErrorException: >> 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: >> Checksum failed) at org.springframework.web.client >> .DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91) >> at >> org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:667) >> at org.springframework.web.client.RestTemplate.doExecute(RestTe >> mplate.java:620) >> >> Please suggest how to resolve this issue, thanks >> >> >> Regards, >> Prakash R >> > > > > -- > -Rathor >
