Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop, mail # user - Java programmatic authentication of Hadoop Kerberos


Copy link to this message
-
Re: Java programmatic authentication of Hadoop Kerberos
Vinod Kumar Vavilapalli 2011-09-22, 06:15
You may be missing the kerberos principal for the namenode in your
configuration used to connect to NameNode. Check your configuration for
dfs.namenode.kerberos.principal and set it to the same value as on NN.

HTH
+Vinod

On Thu, Sep 22, 2011 at 4:06 AM, Sivva <[EMAIL PROTECTED]> wrote:

>
> Hi Lakshmi,
> Were you able to resolve the below issue. Even I'm facing the same issue,
> but couldn't resolve it.
> Please do reply me if you have the solution.
>
> Thanks in advance.
> Regards,
> Sivva.
>
> Sari1983 wrote:
> >
> > Hi,
> >
> > Kerberos has been configured for our Hadoop file system. I wish to do the
> > authentication through a Java program. I'm able to perform the
> > authentication using a normal java application. But, if I've any HDFS
> > operations in the Java program, it's succeeded in reading the Keytab
> file,
> > but showing some problems...
> > org.apache.hadoop.security.UserGroupInformation loginUserFromKeytab
> > INFO: Login successful for user <principal name> using keytab file
> > <keytab.>
> >
> > The problems (Exceptions are) ...
> >
> >
> > org.apache.hadoop.security.UserGroupInformation reloginFromKeytab
> > INFO: Initiating logout for <principal name>
> > Mar 21, 2011 8:56:32 AM org.apache.hadoop.security.UserGroupInformation
> > reloginFromKeytab
> > INFO: Initiating re-login for <principal name>
> > Mar 21, 2011 8:56:34 AM org.apache.hadoop.security.UserGroupInformation
> > hasSufficientTimeElapsed
> > WARNING: Not attempting to re-login since the last re-login was attempted
> > less than 600 seconds before.
> > Mar 21, 2011 8:56:38 AM org.apache.hadoop.security.UserGroupInformation
> > hasSufficientTimeElapsed
> > WARNING: Not attempting to re-login since the last re-login was attempted
> > less than 600 seconds before.
> > ......
> > Mar 21, 2011 8:56:51 AM org.apache.hadoop.security.UserGroupInformation
> > hasSufficientTimeElapsed
> > WARNING: Not attempting to re-login since the last re-login was attempted
> > less than 600 seconds before.
> >
> > Mar 21, 2011 8:57:13 AM org.apache.hadoop.ipc.Client$Connection$1 run
> > WARNING: Couldn't setup connection for <Principal Name> to null
> > Exception in thread "main" java.io.IOException: Call to <part of the
> > principal name>/10.204.97.33:8020 failed on local exception:
> > java.io.IOException: Couldn't setup connection for <principal name> to
> > null
> >       at org.apache.hadoop.ipc.Client.wrapException(Client.java:1139)
> >       at org.apache.hadoop.ipc.Client.call(Client.java:1107)
> >       at org.apache.hadoop.ipc.RPC$Invoker.invoke(RPC.java:226)
> >       at $Proxy5.getProtocolVersion(Unknown Source)
> >       at org.apache.hadoop.ipc.RPC.getProxy(RPC.java:398)
> >       at org.apache.hadoop.ipc.RPC.getProxy(RPC.java:384)
> >       at
> org.apache.hadoop.hdfs.DFSClient.createRPCNamenode(DFSClient.java:111)
> >       at org.apache.hadoop.hdfs.DFSClient.<init>(DFSClient.java:213)
> >       at org.apache.hadoop.hdfs.DFSClient.<init>(DFSClient.java:180)
> >       at
> >
> org.apache.hadoop.hdfs.DistributedFileSystem.initialize(DistributedFileSystem.java:89)
> >       at
> org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:1514)
> >       at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:67)
> >       at
> > org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:1548)
> >       at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:1530)
> >       at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:228)
> >       at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:111)
> >       at Fil2.main(Fil2.java:27)
> > Caused by: java.io.IOException: Couldn't setup connection for <principal
> > name> to null
> >       at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:503)
> >       at java.security.AccessController.doPrivileged(Native Method)
> >       at javax.security.auth.Subject.doAs(Subject.java:396)
> >       at
> >
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1115)