phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mallieswari Dineshbabu <dmalliesw...@gmail.com>
Subject Re: Cannot connect phoenix client in kerberos cluster
Date Thu, 12 Oct 2017 05:30:30 GMT
Hi Rafa,

As per your concerns, I have updated the JCE policy and tested now getting
"Checksum Failed" Exception. Please find the error below.



GSSException: Failure unspecified at GSS-API level (Mechanism level: *Checksum
fa*

*iled*)

        at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:

788)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:342)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:285)

        at
sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoCon

text.java:871)

        at
sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext

.java:544)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:342)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:285)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginServi

ce.login(SpnegoLoginService.java:137)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.L

oginAuthenticator.login(LoginAuthenticator.java:61)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.S

pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SecurityHandler.

handle(SecurityHandler.java:512)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerLis

t.handle(HandlerList.java:52)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWra

pper.handle(HandlerWrapper.java:97)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Serv

er.java:499)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle

(HttpChannel.java:311)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onF

illable(HttpConnection.java:257)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.r

un(AbstractConnection.java:544)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP

ool.runJob(QueuedThreadPool.java:635)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP

ool$3.run(QueuedThreadPool.java:555)

        at java.lang.Thread.run(Thread.java:744)

Caused by: KrbException: Checksum failed

        at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma

cEType.java:102)

        at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma

cEType.java:94)

        at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)

        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)

        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)

        at
sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken

.java:108)

        at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:

771)

        ... 19 more

Caused by: java.security.GeneralSecurityException: Checksum failed

        at
sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCry

pto.java:408)

        at
sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.jav

a:91)

        at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma

cEType.java:100)

        ... 25 more



Please help me to fix this .


Regards,


Mallieswari D

On Wed, Oct 11, 2017 at 5:42 PM, rafa <rafa13@gmail.com> wrote:

> Hi Mallieswari,
>
> The error:
>
> KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not
> supported/enabled
>
> points to JCE not installed or incorrectly installed in the JVM.
>
> What I have configured is : Phoenix query server connects itself to the
> secured cluster with a valid kerberos principal and keytab.
>
> The access to query server : sqlline-thin.py http://hostname:8765
>
> Regards,
> rafa
>



-- 
Thanks and regards
D.Mallieswari

Mime
View raw message