Hi Joe, we recently had a similar problem. For us it turned out that we are using the latest open-jdk8 which no longer is providing the JCE policies required for strong cryptography out of the box on CentOS 7.3.
regards,
Georg

Joe Witt <[email protected]> wrote on Fri, 14 July 2017 at 15:12:

> James,
>
> I know Jeff Storck has recently been doing some work around
> Kerberos/TGT renewal. Hopefully he can share some of his
> observations/work back on this thread soon.
>
> Thanks
>
> On Fri, Jul 14, 2017 at 8:48 AM, James Srinivasan
> <[email protected]> wrote:
> > Hi all,
> >
> > I have a NiFi processor which uses Kerberos keytab authentication to
> > write data to Accumulo. I have a separate thread which periodically
> > runs in order to try renewing my TGT
> > (UserGroupInformation.getCurrentUser.checkTGTAndReloginFromKeytab()).
> >
> > This code works fine outside NiFi, but inside NiFi while the initial
> > login is fine, on subsequent attempts to check the TGT, the
> > UserGroupInformation class seems to think it is using ticket cache,
> > not keytab authentication (i.e.
> > UserGroupInformation.getCurrentUser.isFromKeytab is false).
> >
> > I notice the Hadoop processors support some Kerberos authentication
> > options (I'm not yet using any of those processors, but would like to
> > in other flows). Could this be interacting badly with my code?
> >
> > Thanks very much,
> >
> > James
