phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sanooj Padmakumar <p.san...@gmail.com>
Subject Re: Kerberos ticket renewal
Date Wed, 16 Mar 2016 18:02:54 GMT
This is the error in the log when it fails

ERROR org.apache.hadoop.security.UserGroupInformation -
PriviledgedActionException as:<principal here> (auth:KERBEROS)
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]

On Wed, Mar 16, 2016 at 8:35 PM, Sanooj Padmakumar <p.sanooj@gmail.com>
wrote:

> Hi Anil
>
> Thanks for your reply.
>
> We do not do anything explicitly in the code to do the ticket renwal ,
> what we do is run a cron job for the user for which the ticket has to be
> renewed.  But with this approach we need a restart to get the thing going
> after the ticket expiry
>
> We use the following connection url for getting the phoenix connection
> jdbc:phoenix:<zkhosts>:<zkport>:/hbase:<kerberos principal>:<path
to
> keytab>
>
> This along with the entries in hbase-site.xml & core-site.xml are passed
> to the connection object
>
> Thanks
> Sanooj Padmakumar
>
> On Tue, Mar 15, 2016 at 12:04 AM, anil gupta <anilgupta84@gmail.com>
> wrote:
>
>> Hi,
>>
>> At my previous job, we had web-services fetching data from a secure hbase
>> cluster. We never needed to renew the lease by restarting webserver. Our
>> app used to renew the ticket. I think, Phoenix/HBase already handles
>> renewing ticket. Maybe you need to look into your kerberos environment
>> settings.  How are you authenticating with Phoenix/HBase?
>> Sorry, I dont remember the exact kerberos setting that we had.
>>
>> HTH,
>> Anil Gupta
>>
>> On Mon, Mar 14, 2016 at 11:00 AM, Sanooj Padmakumar <p.sanooj@gmail.com>
>> wrote:
>>
>>> Hi
>>>
>>> We have a rest style micro service application fetching data from hbase
>>> using Phoenix. The cluster is kerberos secured and we run a cron to renew
>>> the kerberos ticket on the machine where the micro service is deployed.
>>>
>>> But it always needs a restart of micro service java process to get the
>>> kerberos ticket working once after its expired.
>>>
>>> Is there a way I can avoid this restart?
>>>
>>> Any pointers will be very helpful. Thanks
>>>
>>> PS : We have a Solr based micro service which works without a restart.
>>>
>>> Regards
>>> Sanooj
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Anil Gupta
>>
>
>
>
> --
> Thanks,
> Sanooj Padmakumar
>



-- 
Thanks,
Sanooj Padmakumar

Mime
View raw message