[Krb5LoginModule] Unable to obtain password from user #7837

Closed
h00173922 opened this issue Jun 6, 2019 · 3 comments
@h00173922

Hi all,
Our Hadoop is secured / kerberized, and I have set `druid.hadoop.security.kerberos.principal` and `druid.hadoop.security.kerberos.keytab`.
The following error occurred when Druid started up:

```
2019-06-06T10:13:00,966 INFO [main] io.druid.storage.hdfs.HdfsStorageAuthentication - Trying to authenticate user [hdfs/hadoop.hadoop.com@HADOOP.COM] with keytab [/home/cspexpert/hdfs.keytab]..
2019-06-06T10:13:00,980 ERROR [main] io.druid.cli.CliOverlord - Error when starting up. Failing.
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
    at io.druid.java.util.common.lifecycle.Lifecycle$AnnotationBasedHandler.start(Lifecycle.java:364) ~[java-util-0.10.0.jar:0.10.0]
    at io.druid.java.util.common.lifecycle.Lifecycle.start(Lifecycle.java:263) ~[java-util-0.10.0.jar:0.10.0]
    at io.druid.guice.LifecycleModule$2.start(LifecycleModule.java:156) ~[druid-api-0.10.0.jar:0.10.0]
    at io.druid.cli.GuiceRunnable.initLifecycle(GuiceRunnable.java:102) [druid-services-0.10.1-SNAPSHOT.jar:0.10.1-SNAPSHOT]
    at io.druid.cli.ServerRunnable.run(ServerRunnable.java:41) [druid-services-0.10.1-SNAPSHOT.jar:0.10.1-SNAPSHOT]
    at io.druid.cli.Main.main(Main.java:108) [druid-services-0.10.1-SNAPSHOT.jar:0.10.1-SNAPSHOT]
Caused by: io.druid.java.util.common.ISE: Failed to authenticate user principal [hdfs/hadoop.hadoop.com@HADOOP.COM] with keytab [/home/cspexpert/hdfs.keytab]
    at io.druid.storage.hdfs.HdfsStorageAuthentication.authenticate(HdfsStorageAuthentication.java:71) ~[?:?]
    ... 10 more
Caused by: java.io.IOException: Login failure for hdfs/hadoop.hadoop.com@HADOOP.COM from keytab /home/cspexpert/hdfs.keytab
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:890) ~[?:?]
    at io.druid.storage.hdfs.HdfsStorageAuthentication.authenticate(HdfsStorageAuthentication.java:67) ~[?:?]
    ... 10 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
    at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897) ~[?:1.8.0_181]
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760) ~[?:1.8.0_181]
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_181]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_181]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_181]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_181]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_181]
    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_181]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_181]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_181]
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:881) ~[?:?]
    at io.druid.storage.hdfs.HdfsStorageAuthentication.authenticate(HdfsStorageAuthentication.java:67) ~[?:?]
    ... 10 more
```
Hadoop version 2.7.3, Druid version 0.10.0.

Can someone help or tell me the solution?
Thanks

@a2l007
Contributor

a2l007 commented Jun 13, 2019

@h00173922
`Unable to obtain password from user` is generally thrown from Java Kerberos classes and happens when it cannot use the keytab successfully (typically when it has no access to the keytab file or the file doesn't exist). When that happens, it will fall back to a prompt asking for a password, and this would almost always time out and fail with that error message.
So you should probably check if the keytab is accessible by the user running the Druid process.
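
One way to run the accessibility check suggested in the comment above, as an added example (not part of the original thread and not Druid or Hadoop code). The function name `check_keytab` and its result labels are hypothetical. It assumes the standard keytab file format, whose first two bytes are `0x05 0x02` (or `0x05 0x01` for the old version), and it also flags a keytab readable by group or others, since the file holds long-term keys.

```bash
#!/usr/bin/env bash
# Added example: diagnose why a process cannot use a Kerberos keytab.
# Run it as the OS account that starts Druid, for instance:
#   sudo -u <druid-user> bash check_keytab.sh /home/cspexpert/hdfs.keytab
# Result labels printed by check_keytab are hypothetical names for this example.

check_keytab() {
    local kt=$1 dir magic perms

    # Every directory on the path must be searchable (x bit) by this user.
    # A keytab under another account's home directory often fails here.
    dir=$(dirname -- "$kt")
    while :; do
        if [ -d "$dir" ] && [ ! -x "$dir" ]; then
            echo "no-traverse:$dir"; return 1
        fi
        [ "$dir" = "/" ] || [ "$dir" = "." ] && break
        dir=$(dirname -- "$dir")
    done

    [ -e "$kt" ] || { echo "missing"; return 1; }
    [ -f "$kt" ] || { echo "not-regular-file"; return 1; }
    [ -r "$kt" ] || { echo "unreadable"; return 1; }

    # A keytab starts with a two-byte format version: 05 02 (or 05 01).
    magic=$(head -c 2 < "$kt" | od -An -tx1 | tr -d ' \n')
    case $magic in
        0502|0501) ;;
        *) echo "not-a-keytab"; return 1 ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$kt" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "ok-but-group-or-world-accessible"; return 0
    fi
    echo "ok"
}

if [ "$#" -gt 0 ]; then
    check_keytab "$1"
fi
```

A result of `ok` only shows the file is reachable and looks like a keytab; whether it contains the configured principal is a separate check (for example with `klist -kt`).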

@stale

stale bot commented Mar 19, 2020

This issue has been marked as stale due to 280 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@druid.apache.org list. Thank you for your contributions.

@stale stale bot added the stale label Mar 19, 2020
@stale

stale bot commented Apr 17, 2020

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.

@stale stale bot closed this as completed Apr 17, 2020