Thanks for the pointer to PHOENIX-3189 Josh. I don't think we are facing that.
We will try to activate the debug mode on Kerberos and retry. Good idea! I will keep this thread updated if we find something... JMS 2016-09-15 17:39 GMT-04:00 Josh Elser <josh.el...@gmail.com>: > Cool, thanks for the info, JM. Thinking out loud.. > > * Could be missing/inaccurate /etc/krb5.conf on the nodes running spark > tasks > * Could try setting the Java system property sun.security.krb5.debug=true > in the Spark executors > * Could try to set org.apache.hadoop.security=DEBUG in log4j config > > Hard to guess at the real issue without knowing more :). Any more context > you can share, I'd be happy to try to help. > > (ps. obligatory warning about PHOENIX-3189 if you're using 4.8.0) > > Jean-Marc Spaggiari wrote: > >> Using the keytab in the JDBC URL. That the way we use locally and we >> also tried to run command line applications directly from the worker >> nodes and it works, But inside the Spark Executor it doesn't... >> >> 2016-09-15 13:07 GMT-04:00 Josh Elser <josh.el...@gmail.com >> <mailto:josh.el...@gmail.com>>: >> >> How do you expect JDBC on Spark Kerberos authentication to work? Are >> you using the principal+keytab options in the Phoenix JDBC URL or is >> Spark itself obtaining a ticket for you (via some "magic")? >> >> >> Jean-Marc Spaggiari wrote: >> >> Hi, >> >> I tried to build a small app all under Kerberos. >> >> JDBC to Phoenix works >> Client to HBase works >> Client (puts) on Spark to HBase works. >> But JDBC on Spark to HBase fails with a message like >> "GSSException: No >> valid credentials provided (Mechanism level: Failed to >> find any Kerberos tgt)]" >> >> Keytab is accessible on all the nodes. >> >> Keytab belongs to the user running the job, and executors are >> running >> under that user name. So this is fine. >> >> Any idea of that this might be? >> >> Thanks, >> >> JMS >> >> >>