https://community.cloudera.com/t5/Support-Questions/hive-llap-slider-kerberos-error-while-launching-llap/m-p/214018#M175934 <P><A rel="user" href="https://community.cloudera.com/users/13950/dheervijjiraghu.html" nodeid="13950">@Venkata Sudheer Kumar M</A> </P><P>I already looked at these topics, but everything is correct. But here is what I thinks is different in my case : </P><PRE>2017-12-05 12:05:47,992 [main] INFO zk.RegistrySecurity - Enabling ZK sasl client: jaasClientEntry = Client, principal = null, keytab = null 2017-12-05 12:05:48,022 [main] INFO imps.CuratorFrameworkImpl - Starting 2017-12-05 12:05:48,033 [main-SendThread(zer332su.distribution.edf.fr:2181)] WARN zookeeper.ClientCnxn - SASL configuration failed: javax.security.auth.login.LoginException: No key to store Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. 2017-12-05 12:05:48,035 [main-EventThread] ERROR curator.ConnectionState - Authentication failed 2017-12-05 12:05:48,045 [main-EventThread] INFO state.ConnectionStateManager - State change: CONNECTED 2017-12-05 12:05:48,058 [main] WARN client.SliderClient - Error deleting registry entry /users/hive/services/org-apache-slider/llap0: org.apache.hadoop.registry.client.exceptions.NoPathPermissionsException: `/registry/users/hive/services/org-apache-slider/llap0': Not authorized to access path; ACLs: [null ACL]: KeeperErrorCode = NoAuth for /registry/users/hive/services/org-apache-slider/llap0 org.apache.hadoop.registry.client.exceptions.NoPathPermissionsException: `/registry/users/hive/services/org-apache-slider/llap0': Not authorized to access path; ACLs: [null ACL]: KeeperErrorCode = NoAuth for /registry/users/hive/services/org-apache-slider/llap0 at org.apache.hadoop.registry.client.impl.zk.CuratorService.operationFailure(CuratorService.java:385) at org.apache.hadoop.registry.client.impl.zk.CuratorService.operationFailure(CuratorService.java:364) at org.apache.hadoop.registry.client.impl.zk.CuratorService.zkDelete(CuratorService.java:684) at org.apache.hadoop.registry.client.impl.zk.RegistryOperationsService.delete(RegistryOperationsService.java:160) at org.apache.slider.client.SliderClient.actionDestroy(SliderClient.java:677) at org.apache.slider.client.SliderClient.exec(SliderClient.java:379) at org.apache.slider.client.SliderClient.runService(SliderClient.java:333) at org.apache.slider.core.main.ServiceLauncher.launchService(ServiceLauncher.java:188) at org.apache.slider.core.main.ServiceLauncher.launchServiceRobustly(ServiceLauncher.java:475) at org.apache.slider.core.main.ServiceLauncher.launchServiceAndExit(ServiceLauncher.java:403) at org.apache.slider.core.main.ServiceLauncher.serviceMain(ServiceLauncher.java:630) at org.apache.slider.Slider.main(Slider.java:49) </PRE><P>Slider is not using kerberos correctly (no principal / keytab) ! Like it is written here : </P><PRE>2017-12-05 12:05:47,992 [main] INFO zk.RegistrySecurity - Enabling ZK sasl client: jaasClientEntry = Client, principal = null, keytab = null</PRE><P>When I connect myself as the hive user here is what I get (without a principal / keytab to test):</P><PRE>sudo su - hive</PRE><PRE>klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_xxxx)</PRE><PRE>/usr/hdp/current/zookeeper-client/bin/zkCli.sh -server $hostname Connecting to $hostname Welcome to ZooKeeper! JLine support is enabled WATCHER:: WatchedEvent state:AuthFailed type:None path:null WATCHER:: WatchedEvent state:SyncConnected type:None path:null [zk: $hostname(CONNECTED) 0]</PRE><P>Looking for the acl of /registry/users/hive/services/org-apache-slider/llap0</P><PRE>[zk: $hostname(CONNECTED) 0] getAcl /registry/users/hive/services/org-apache-slider/llap0 'world,'anyone : r 'sasl,'yarn : cdrwa 'sasl,'jhs : cdrwa 'sasl,'hdfs : cdrwa 'sasl,'rm : cdrwa 'sasl,'hive : cdrwa 'sasl,'hive/hostname@REALM : cdrwa </PRE><P>When the slider application is started, shoudn't this one use the keytab of the hive user ? </P><P><A rel="user" href="https://community.cloudera.com/users/12415/mattandruff.html" nodeid="12415">@Matt Andruff</A> </P><P>I currently test with kerberos only. At the end I will use a custom authentication (like I used before)</P><P>Sould I check slider ? </P><P>Thanks</P> Tue, 05 Dec 2017 19:40:49 GMT mpaul 2017-12-05T19:40:49Z