Hive w/ Kerberos Authentication starts failing after a week

Thu, 26 Jul 2018 13:21:40 -0700 

We are seeing frequent failures of our Hive DBCP connections after a week of 
use when using Kerberos with Principal/Keytab. We've tried with both the 
Credential Service and without (though in looking at the code, there should be 
no difference).

It looks like the tickets are expiring and renewal is not happening?

javax.security.sasl.SaslException: GSS initiate failed
        at 
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
        at 
org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
        at 
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
        at 
org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
        at 
org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
        at 
org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1656)
        at 
org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
        at 
org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:204)
        at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:176)
        at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)
        at 
org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38)
        at 
org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
        at 
org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1148)
        at 
org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:106)
        at 
org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
        at 
org.apache.nifi.dbcp.hive.HiveConnectionPool.lambda$getConnection$0(HiveConnectionPool.java:355)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1656)
        at 
org.apache.nifi.dbcp.hive.HiveConnectionPool.getConnection(HiveConnectionPool.java:355)
        at sun.reflect.GeneratedMethodAccessor515.invoke(Unknown Source)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)

Thanks,
Peter

Reply via email to