phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mallieswari Dineshbabu <dmalliesw...@gmail.com>
Subject Re: Cannot connect phoenix client in kerberos cluster
Date Thu, 19 Oct 2017 05:55:59 GMT
Hi Rafa,

following are the checksum failed exception with additional logs gathered
in query server side.

        ... 19 more
Caused by: java.security.GeneralSecurityException: Checksum failed
        at
sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCry
pto.java:408)
        at
sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.jav
a:91)
        at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma
cEType.java:100)
        ... 25 more
17/10/19 05:42:10 DEBUG server.AvaticaJsonHandler: HTTP request from
172.0.0.4 i
s unauthenticated and authentication is required
17/10/19 05:42:10 DEBUG server.HttpConnection:
org.apache.phoenix.shaded.org.ecl
ipse.jetty.server.HttpConnection$SendCallback@5891b2c8
[PROCESSING][i=ResponseInf
o{HTTP/1.1 404 null,278,false},cb=
org.apache.phoenix.shaded.org.eclipse.jetty.se
rver.HttpChannel$CommitCallback@76bf3474] generate: NEED_HEADER
(null,[p=0,l=278
,c=2048,r=278],true)@START
17/10/19 05:42:10 DEBUG server.HttpConnection:
org.apache.phoenix.shaded.org.ecl
ipse.jetty.server.HttpConnection$SendCallback@5891b2c8
[PROCESSING][i=ResponseInf
o{HTTP/1.1 404 null,278,false},cb=
org.apache.phoenix.shaded.org.eclipse.jetty.se
rver.HttpChannel$CommitCallback@76bf3474] generate: FLUSH
([p=0,l=210,c=8192,r=2
10],[p=0,l=278,c=2048,r=278],true)@COMPLETING
17/10/19 05:42:10 DEBUG io.WriteFlusher: write: WriteFlusher@3d86d805{IDLE}
[Hea
pByteBuffer@58e0ca22[p=0,l=210,c=8192,r=210]={<<<HTTP/1.1 404 Not
...z-SNAPSHOT)
\r\n\r\n>>>erver:
Jetty(9.2....\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
x00\x00\x00},HeapByteBuffer@30ce894
[p=0,l=278,c=2048,r=278]={<<<<html>\n<head>\n
<me.../body>\n</html>\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x
00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}]
17/10/19 05:42:10 DEBUG io.WriteFlusher: update WriteFlusher@3d86d805
{WRITING}:I
DLE-->WRITING

Regards,
Mallieswari D

On Thu, Oct 12, 2017 at 11:00 AM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:

> Hi Rafa,
>
> As per your concerns, I have updated the JCE policy and tested now getting
> "Checksum Failed" Exception. Please find the error below.
>
>
>
> GSSException: Failure unspecified at GSS-API level (Mechanism level: *Checksum
> fa*
>
> *iled*)
>
>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 788)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
>         at sun.security.jgss.spnego.SpNegoContext.GSS_
> acceptSecContext(SpNegoCon
>
> text.java:871)
>
>         at sun.security.jgss.spnego.SpNegoContext.
> acceptSecContext(SpNegoContext
>
> .java:544)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SpnegoLoginServi
>
> ce.login(SpnegoLoginService.java:137)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.L
>
> oginAuthenticator.login(LoginAuthenticator.java:61)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.S
>
> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SecurityHandler.
>
> handle(SecurityHandler.java:512)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerLis
>
> t.handle(HandlerList.java:52)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerWra
>
> pper.handle(HandlerWrapper.java:97)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.
> handle(Serv
>
> er.java:499)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpChannel.handle
>
> (HttpChannel.java:311)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpConnection.onF
>
> illable(HttpConnection.java:257)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.io.
> AbstractConnection$2.r
>
> un(AbstractConnection.java:544)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool.runJob(QueuedThreadPool.java:635)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool$3.run(QueuedThreadPool.java:555)
>
>         at java.lang.Thread.run(Thread.java:744)
>
> Caused by: KrbException: Checksum failed
>
>         at sun.security.krb5.internal.crypto.ArcFourHmacEType.
> decrypt(ArcFourHma
>
> cEType.java:102)
>
>         at sun.security.krb5.internal.crypto.ArcFourHmacEType.
> decrypt(ArcFourHma
>
> cEType.java:94)
>
>         at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
>
>         at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
>
>         at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>
>         at sun.security.jgss.krb5.InitSecContextToken.<init>(
> InitSecContextToken
>
> .java:108)
>
>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 771)
>
>         ... 19 more
>
> Caused by: java.security.GeneralSecurityException: Checksum failed
>
>         at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.
> decrypt(ArcFourCry
>
> pto.java:408)
>
>         at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(
> ArcFourHmac.jav
>
> a:91)
>
>         at sun.security.krb5.internal.crypto.ArcFourHmacEType.
> decrypt(ArcFourHma
>
> cEType.java:100)
>
>         ... 25 more
>
>
>
> Please help me to fix this .
>
>
> Regards,
>
>
> Mallieswari D
>
> On Wed, Oct 11, 2017 at 5:42 PM, rafa <rafa13@gmail.com> wrote:
>
>> Hi Mallieswari,
>>
>> The error:
>>
>> KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not
>> supported/enabled
>>
>> points to JCE not installed or incorrectly installed in the JVM.
>>
>> What I have configured is : Phoenix query server connects itself to the
>> secured cluster with a valid kerberos principal and keytab.
>>
>> The access to query server : sqlline-thin.py http://hostname:8765
>>
>> Regards,
>> rafa
>>
>
>
>
> --
> Thanks and regards
> D.Mallieswari
>



-- 
Thanks and regards
D.Mallieswari

Mime
View raw message