Tags: #krb5 #KERBEROS
Date: 2022-07-24
Links:
Explanation of Links:
Zettelkasten:
Summary: Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
2022-07-22 18:19:53,660 INFO [pool-5-thread-15] o.a.h.s.UserGroupInformation.loginUserFromKeytab(1147) : Login successful for user hive/cdh1@HADOOP.COM using keytab file /root/hive/hive.keytab. Keytab auto renewal enabled : false
2022-07-22 18:19:53,661 INFO [pool-5-thread-15] h.metastore.getIfClientFilterEnabled(308) : HMS client filtering is enabled.
2022-07-22 18:19:53,661 INFO [pool-5-thread-15] h.metastore.open(472) : Trying to connect to metastore with URI thrift://172.20.74.237:9083
>>> KrbKdcReq send: #bytes read=173
>>> KrbKdcReq send: #bytes read=173
>>> KdcAccessibility: remove cdh1
>>> KdcAccessibility: remove cdh1
>>> KDCRep: init() encoding tag is 126 req type is 13
>>> KDCRep: init() encoding tag is 126 req type is 13
>>>KRBError:
>>>KRBError:
cTime is Sun May 06 10:38:20 CST 2007 1178419100000
cTime is Sun Sep 20 02:47:24 CST 1992 716928444000
sTime is Fri Jul 22 18:18:55 CST 2022 1658485135000
suSec is 6467
error code is 7
error Message is Server not found in Kerberos database
cname is hive/cdh1@HADOOP.COM
sname is hive/172.20.74.237@HADOOP.COM
msgType is 30
sTime is Fri Jul 22 18:18:55 CST 2022 1658485135000
suSec is 6469
error code is 7
error Message is Server not found in Kerberos database
cname is hive/cdh1@HADOOP.COM
sname is hive/172.20.74.237@HADOOP.COM
msgType is 30
2022-07-22 18:19:53,663 INFO [pool-5-thread-9] h.metastore.open(472) : Trying to connect to metastore with URI thrift://172.20.74.237:9083
Found ticket for hive/cdh1@HADOOP.COM to go to krbtgt/HADOOP.COM@HADOOP.COM expiring on Sat Jul 23 18:18:55 CST 2022
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for hive/cdh1@HADOOP.COM to go to krbtgt/HADOOP.COM@HADOOP.COM expiring on Sat Jul 23 18:18:55 CST 2022
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 18 17 16 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
2022-07-22 18:19:53,663 ERROR [pool-5-thread-16] o.a.t.t.TSaslTransport.open(313) : SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:545)
at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:303)
at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:219)
at com.info2soft.sync.hive.increment.bigdata.hive.HiveUtils.lambda$getHiveMetaStoreClient$0(HiveUtils.java:66)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
at com.info2soft.sync.hive.increment.bigdata.hive.HiveUtils.getHiveMetaStoreClient(HiveUtils.java:64)
at com.info2soft.sync.hive.increment.configuration.HiveClientFactory.getHiveMetaStoreClientWrapper(HiveClientFactory.java:74)
at com.info2soft.sync.hive.increment.configuration.HiveClientFactory.getHiveMetaStoreClientWrapper(HiveClientFactory.java:80)
at com.info2soft.sync.hive.increment.task.TaskEstimator.analyzeTableSpec(TaskEstimator.java:77)
at com.info2soft.sync.hive.increment.task.TaskEstimator.analyze(TaskEstimator.java:56)
at com.info2soft.sync.hive.bootstrap.hive.TableCompareWorker.processTable(TableCompareWorker.java:69)
at com.info2soft.sync.hive.bootstrap.hive.TableComparator$SplitCallable.call(TableComparator.java:100)
at com.info2soft.sync.hive.bootstrap.hive.TableComparator$SplitCallable.call(TableComparator.java:86)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 28 common frames omitted
Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
... 31 common frames omitted
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
... 37 common frames omitted
>>> KrbKdcReq send: kdc=cdh1 UDP:88, timeout=30000, number of retries =3, #bytes=648
>>> KDCCommunication: kdc=cdh1 UDP:88, timeout=30000,Attempt =1, #bytes=648
Tags: #kerbores #nslookup