Just to discard it. Might you need Java Unlimited Cryptography Extension to be installed to deal with the cipher algorithms in your keytabs?
On Thu, 12 Apr 2018, 20:47 Yan Koyfman, <koyf...@gmail.com> wrote: > We are attempting to create a connection to PQS (Phoenix 4.13.1) in a > Kerberized Hbase cluster, but have been running into the following > exception. Is there something we should start with to troubleshoot? > Thanks. > > Our connection string looks like this: > jdbc:phoenix:thin:url=http://xxxxxxx:8765;serialization > =PROTOBUF;authentication=SPNEGO;principal=HTTP/xxxxx@yyyyy > ;keytab=/etc/security/keytabs/spnego.service.keytab > > Using phoenix-queryserver-client-4.13.1-HBase-1.2.jar. Note this only > happens with JDBC connection; if we run kinit, sqlline.py can connect on > the localhost. > > JDK 1.8 > HBase 1.2.0 > Hadoop 2.7.2 > avatica-core-1.10.0.jar, avatica-metrics-1.10.0.jar, sqlline-1.2.0.jar > > Exception when connection: > > ```2018-04-12 10:41:52,665 WARN > org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginService: > GSSException: Failure unspecified at GSS-API level (Mechanism level: > Checksum failed) > at > sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856) > at > sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) > at > sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) > at > sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906) > at > sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556) > at > sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) > at > sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) > at > org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginService.login(SpnegoLoginService.java:137) > at > org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:61) > at > org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.SpnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99) > at > org.apache.phoenix.shaded.org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:512) > at > org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52) > at > org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) > at > org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Server.java:499) > at > org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) > at > org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) > at > org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) > at > org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) > at > org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) > at java.lang.Thread.run(Thread.java:745) > Caused by: KrbException: Checksum failed > at > sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:102) > at > sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:94) > at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175) > at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:281) > at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149) > at > sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108) > at > sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829) > ... 19 more > Caused by: java.security.GeneralSecurityException: Checksum failed > at > sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:408) > at > sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:91) > at > sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:100) > ... 25 more``` > >
