Home Forums HDP on Linux – Installation Login failure while enable Kerberos on HDP1.3 cluster

This topic contains 2 replies, has 2 voices, and was last updated by  Tracy Li 8 months ago.

  • Creator
    Topic
  • #32054

    Tracy Li
    Member

    Hi Horton,

    I have installed HDP1.3 cluster with 3 nodes using ambari, Now I want to enable Kerberos authentication on this cluster but error occurred, What I did is:

    1. Install and configure KDC in one machine and copy krb5.conf file to other nodes.
    2. I follow http://docs.hortonworks.com/HDPDocuments/HDP1/HDP-1.2.3.1/bk_installing_manually_book/content/rpm-chap14-1-4.html to create pricipals and keytabs(using default relm EXAMPLE.COM).
    3. Then I copy all keytabs to all nodes to /etc/security/keytabs/ folder and make the perssion to 700.
    4. I follow the doc #2 mentioned and change/add new properties in core-site.xml and hdfs-site.xml and so no(stop the hdfs and mapreduce service).
    5. Then I start the mapreduce service or hdfs service the error occorred:

    2013-08-14 17:08:37,618 INFO org.apache.hadoop.security.UserGroupInformation: Asked the TGT renewer thread to terminate
    2013-08-14 17:08:37,621 ERROR org.apache.hadoop.hdfs.server.datanode.DataNode: java.io.IOException: Login failure for dn/hdp56.tibco.com@EXAMPLE.COM from keytab /etc/security/keytabs/dn.service.keytab
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:719)
    at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:317)
    at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:289)
    at org.apache.hadoop.hdfs.server.datanode.DataNode.(DataNode.java:313)
    at org.apache.hadoop.hdfs.server.datanode.DataNode.makeInstance(DataNode.java:1712)
    at org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:1651)
    at org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:1669)
    at org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:1795)
    at org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:1812)
    Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

    at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:789)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:654)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)

    So anybody can help me on this? I did the kinit -k -t keytab file pricipal which works file and can cache it.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Viewing 2 replies - 1 through 2 (of 2 total)