phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Soldatov <sergeysolda...@gmail.com>
Subject Re: Kerberos ticket renewal
Date Wed, 16 Mar 2016 21:39:01 GMT
Where do you see this error? Is it the client side? Ideally you don't
need to renew ticket since Phoenix Driver gets the required
information (principal name and keytab path) from jdbc connection
string and performs User.login itself.

Thanks,
Sergey

On Wed, Mar 16, 2016 at 11:02 AM, Sanooj Padmakumar <p.sanooj@gmail.com> wrote:
> This is the error in the log when it fails
>
> ERROR org.apache.hadoop.security.UserGroupInformation -
> PriviledgedActionException as:<principal here> (auth:KERBEROS)
> cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Failed to find
> any Kerberos tgt)]
>
> On Wed, Mar 16, 2016 at 8:35 PM, Sanooj Padmakumar <p.sanooj@gmail.com>
> wrote:
>>
>> Hi Anil
>>
>> Thanks for your reply.
>>
>> We do not do anything explicitly in the code to do the ticket renwal ,
>> what we do is run a cron job for the user for which the ticket has to be
>> renewed.  But with this approach we need a restart to get the thing going
>> after the ticket expiry
>>
>> We use the following connection url for getting the phoenix connection
>> jdbc:phoenix:<zkhosts>:<zkport>:/hbase:<kerberos principal>:<path
to
>> keytab>
>>
>> This along with the entries in hbase-site.xml & core-site.xml are passed
>> to the connection object
>>
>> Thanks
>> Sanooj Padmakumar
>>
>> On Tue, Mar 15, 2016 at 12:04 AM, anil gupta <anilgupta84@gmail.com>
>> wrote:
>>>
>>> Hi,
>>>
>>> At my previous job, we had web-services fetching data from a secure hbase
>>> cluster. We never needed to renew the lease by restarting webserver. Our app
>>> used to renew the ticket. I think, Phoenix/HBase already handles renewing
>>> ticket. Maybe you need to look into your kerberos environment settings.  How
>>> are you authenticating with Phoenix/HBase?
>>> Sorry, I dont remember the exact kerberos setting that we had.
>>>
>>> HTH,
>>> Anil Gupta
>>>
>>> On Mon, Mar 14, 2016 at 11:00 AM, Sanooj Padmakumar <p.sanooj@gmail.com>
>>> wrote:
>>>>
>>>> Hi
>>>>
>>>> We have a rest style micro service application fetching data from hbase
>>>> using Phoenix. The cluster is kerberos secured and we run a cron to renew
>>>> the kerberos ticket on the machine where the micro service is deployed.
>>>>
>>>> But it always needs a restart of micro service java process to get the
>>>> kerberos ticket working once after its expired.
>>>>
>>>> Is there a way I can avoid this restart?
>>>>
>>>> Any pointers will be very helpful. Thanks
>>>>
>>>> PS : We have a Solr based micro service which works without a restart.
>>>>
>>>> Regards
>>>> Sanooj
>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Anil Gupta
>>
>>
>>
>>
>> --
>> Thanks,
>> Sanooj Padmakumar
>
>
>
>
> --
> Thanks,
> Sanooj Padmakumar

Mime
View raw message