Reply
Highlighted
New Contributor
Posts: 2
Registered: ‎10-30-2018

Problems with kerberos in the command console.

Hi

 

I have configured kerberos with the active directory, all functions in web work (HUE), only when I want the command in hdfs dfs -ls / in the console I get the following error.

Problems with kerberos in the command console.

 

18/10/30 11:26:28 DEBUG util.Shell: setsid exited with exit code 0
18/10/30 11:26:29 DEBUG conf.Configuration: parsing URL jar:file:/opt/cloudera/parcels/CDH-5.8.4-1.cdh5.8.4.p0.5/jars/hadoop-common-2.6.0-cdh5.8.4.jar!/core-default.xml
18/10/30 11:26:29 DEBUG conf.Configuration: parsing input stream sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream@36b4361a
18/10/30 11:26:29 DEBUG conf.Configuration: parsing URL file:/etc/hadoop/conf.cloudera.yarn/core-site.xml
18/10/30 11:26:29 DEBUG conf.Configuration: parsing input stream java.io.BufferedInputStream@29d52a29
18/10/30 11:26:29 DEBUG core.Tracer: sampler.classes = ; loaded no samplers
18/10/30 11:26:29 TRACE core.TracerId: ProcessID(fmt=%{tname}/%{ip}): computed process ID of "FsShell/172.16.198.78"
18/10/30 11:26:29 TRACE core.TracerPool: TracerPool(Global): adding tracer Tracer(FsShell/172.16.198.78)
18/10/30 11:26:29 DEBUG core.Tracer: span.receiver.classes = ; loaded no span receivers
18/10/30 11:26:29 TRACE core.Tracer: Created Tracer(FsShell/172.16.198.78) for FsShell
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginSuccess with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Rate of successful kerberos logins and latency (milliseconds)], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginFailure with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Rate of failed kerberos logins and latency (milliseconds)], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.getGroups with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[GetGroups], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field private org.apache.hadoop.metrics2.lib.MutableGaugeLong org.apache.hadoop.security.UserGroupInformation$UgiMetrics.renewalFailuresTotal with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Renewal failures since startup], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field private org.apache.hadoop.metrics2.lib.MutableGaugeInt org.apache.hadoop.security.UserGroupInformation$UgiMetrics.renewalFailures with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Renewal failures since last successful login], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG impl.MetricsSystemImpl: UgiMetrics, User and group related metrics
18/10/30 11:26:29 DEBUG security.SecurityUtil: Setting hadoop.security.token.service.use_ip to true
Java config name: null
Native config name: /etc/krb5.conf
Loaded from native config
18/10/30 11:26:29 DEBUG security.Groups: Creating new Groups object
18/10/30 11:26:29 DEBUG security.Groups: Group mapping impl=org.apache.hadoop.security.ShellBasedUnixGroupsMapping; cacheTimeout=300000; warningDeltaMs=5000
>>>DEBUG <CCacheInputStream> client principal is user@Mydomain.com
>>>DEBUG <CCacheInputStream> server principal is krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
>>>DEBUG <CCacheInputStream> key type: 23
>>>DEBUG <CCacheInputStream> auth time: Tue Oct 30 11:22:10 BOT 2018
>>>DEBUG <CCacheInputStream> start time: Tue Oct 30 11:22:10 BOT 2018
>>>DEBUG <CCacheInputStream> end time: Tue Oct 30 21:22:10 BOT 2018
>>>DEBUG <CCacheInputStream> renew_till time: Tue Nov 06 11:22:10 BOT 2018
>>> CCacheInputStream: readFlags() FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
18/10/30 11:26:29 DEBUG security.UserGroupInformation: hadoop login
18/10/30 11:26:29 DEBUG security.UserGroupInformation: hadoop login commit
18/10/30 11:26:29 DEBUG security.UserGroupInformation: using kerberos user:USER@MYDOMAIN.COM
18/10/30 11:26:29 DEBUG security.UserGroupInformation: Using user: "user@MYDOMAIN.COM" with name user@MYDOMAIN.COM
18/10/30 11:26:29 DEBUG security.UserGroupInformation: failure to login
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name user@MYDOMAIN.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@MYDOMAIN.COM
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:217)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:596)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:839)
at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:801)
at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:674)
at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2860)
at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2852)
at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2715)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:383)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:182)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:367)
at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
at org.apache.hadoop.fs.shell.PathData.expandAsGlob(PathData.java:325)
at org.apache.hadoop.fs.shell.Command.expandArgument(Command.java:235)
at org.apache.hadoop.fs.shell.Command.expandArguments(Command.java:218)
at org.apache.hadoop.fs.shell.FsCommand.processRawArguments(FsCommand.java:102)
at org.apache.hadoop.fs.shell.Command.run(Command.java:165)
at org.apache.hadoop.fs.FsShell.run(FsShell.java:315)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)
at org.apache.hadoop.fs.FsShell.main(FsShell.java:372)
Caused by: java.lang.IllegalArgumentException: Illegal principal name user@MYDOMAIN.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@MYDOMAIN.COM
at org.apache.hadoop.security.User.<init>(User.java:50)
at org.apache.hadoop.security.User.<init>(User.java:43)
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:215)
... 30 more
Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@MYDOMAIN.COM
at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:400)
at org.apache.hadoop.security.User.<init>(User.java:48)
... 32 more
ls: failure to login
18/10/30 11:26:29 TRACE core.TracerPool: TracerPool(Global): removing tracer Tracer(FsShell/172.16.198.78)

 

 

New Contributor
Posts: 2
Registered: ‎10-30-2018

Re: Problems with kerberos in the command console.

As an additional data, this problem started to appear after updating the JDK1 to the version build 1.8.0_144-b01, can someone help me?

I followed these same steps:
https://www.cloudera.com/documentation/enterprise/upgrade/topics/ug_jdk8.html

Announcements