Here are some of the errors you face while setting up kerberos enabled hadoop
1) Be sure to validate your ticket and keytab file.
Ticket Validation:
klist
Output:
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: zookeeper/localhost@EXAMPLE.COM
Valid starting Expires Service principal
2017-05-22T18:40:52 2017-05-23T04:40:52 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 2017-05-29T18:40:52
Keytab validation:
kinit <PRINCIPAL> -k -t <KEYTAB_PATH>
It will return success if your keytab is valid.
2) Caused by: javax.security.auth.login.LoginException: No key to store
at com.sun.security.auth.module.Krb5LoginModule.commit(Krb5LoginModule.java:1072)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:596)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:169)
... 24 more
2014-06-07 21:11:33,511 INFO org.apache.hadoop.util.ExitUtil: Exiting with status 1
2014-06-07 21:11:33,512 INFO org.apache.hadoop.hdfs.server.namenode.NameNode: SHUTDOWN_MSG:
Cause: Ticket got expired.
Solution: rm -f /tmp/krb*
3) .keystore doesnot exist.
Cause: ssl is not correctly setup.Please follow the previous post
Solution: http://lxpert.blogspot.in/2017/05/setting-up-kerberos-enabled-hadoop.html
1) Be sure to validate your ticket and keytab file.
Ticket Validation:
klist
Output:
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: zookeeper/localhost@EXAMPLE.COM
Valid starting Expires Service principal
2017-05-22T18:40:52 2017-05-23T04:40:52 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 2017-05-29T18:40:52
Keytab validation:
kinit <PRINCIPAL> -k -t <KEYTAB_PATH>
It will return success if your keytab is valid.
2) Caused by: javax.security.auth.login.LoginException: No key to store
at com.sun.security.auth.module.Krb5LoginModule.commit(Krb5LoginModule.java:1072)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:596)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:169)
... 24 more
2014-06-07 21:11:33,511 INFO org.apache.hadoop.util.ExitUtil: Exiting with status 1
2014-06-07 21:11:33,512 INFO org.apache.hadoop.hdfs.server.namenode.NameNode: SHUTDOWN_MSG:
Cause: Ticket got expired.
Solution: rm -f /tmp/krb*
3) .keystore doesnot exist.
Cause: ssl is not correctly setup.Please follow the previous post
Solution: http://lxpert.blogspot.in/2017/05/setting-up-kerberos-enabled-hadoop.html
Do you like this article? Share It!
0 comments to "Common Errors in setting up Hadoop/YARN with kerberos"
Post a Comment