Did you try using kinit with the keytab . Make sure its the same unix
user who is running storm UI
On Fri, Mar 18, 2016, at 02:58 PM, Andrey Dudin wrote:
> Hi guys.
>
> I try to configure Kerberos for Storm.
> I use storm 0.10.
> Now I try configure only UI, without other components.
>
>
> I add to config:
> ui.filter:
> "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
> ui.filter.params:
> "type": "kerberos"
> "kerberos.principal": "HTTP/%myhostname%"
> "kerberos.keytab": "%mykeytab%"
> "kerberos.name.rules": "DEFAULT"
>
>
> Generate keytab, and SPN.
>
>
> But when I start UI, I getting error:
>
> javax.security.auth.login.LoginException: No key to store
>
> *Full stacktrace:*
> 2016-03-16 15:54:49.265 o.a.s.s.o.e.j.u.c.AbstractLifeCycle [WARN] FAILED
> o.a.s.s.o.e.j.s.ServletContextHandler{/,null}:
> javax.servlet.ServletException: org.apache
>
> .hadoop.security.authentication.client.AuthenticationException:
> javax.security.auth.login.LoginException: No key to store
> javax.servlet.ServletException:
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> javax.security.auth.login.LoginException: No key to store
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:240)
> ~[hadoop-auth-2.7.2.jar:?]
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:238)
> ~[hadoop-auth-2.7.2.jar:?]
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:227)
> ~[hadoop-auth-2.7.2.jar:?]
> at
> org.apache.storm.shade.org.eclipse.jetty.servlet.FilterHolder.doStart(FilterHolder.java:107)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:707)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:254)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:689)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.server.Server.doStart(Server.java:281)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
> [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.helpers$storm_run_jetty.invoke(helpers.clj:228)
> [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.core$start_server_BANG_.invoke(core.clj:1091)
> [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.core$_main.invoke(core.clj:1111)
> [storm-core-0.10.0.jar:0.10.0]
> at clojure.lang.AFn.applyToHelper(AFn.java:152) [clojure-1.6.0.jar:?]
> at clojure.lang.AFn.applyTo(AFn.java:144) [clojure-1.6.0.jar:?]
> at backtype.storm.ui.core.main(Unknown Source)
> [storm-core-0.10.0.jar:0.10.0]
> Caused by:
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> javax.security.auth.login.LoginException: No key to store
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:224)
> ~[hadoop-auth-2.7.2.jar:?]
> ... 17 more
> Caused by: javax.security.auth.login.LoginException: No key to store
> at
> com.sun.security.auth.module.Krb5LoginModule.commit(Krb5LoginModule.java:1119)
> ~[?:1.8.0_60]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[?:1.8.0_60]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_60]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_60]
> at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> ~[?:1.8.0_60]
> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.login(LoginContext.java:588)
> ~[?:1.8.0_60]
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:221)
> ~[hadoop-auth-2.7.2.jar:?]
> ... 17 more
>
> Did anyone who know whats wrong?
> --
> С уважением Дудин Андрей
