I have a kerberized cluster where in local realm trusts AD realm with MIT KDC setup.
AD Realm : EXAMPLE.COM
Local Realm: LOCALREALM.EXAMPLE.COM
Post doing kinit as user@EXAMPLE.COM , I'm able to perform all the regular tasks through command line like creating hbase tables, running mapreduce job etc.
But, when i'm trying to connect to hbase to perform a benchmarking through ycsb tool, it throws an exception as unable to login.
If i authenticate using the local realm such as user@LOCALREALM.EXAMPLE.COM, it works like a charm.
I have the rules added in auth to local to trust AD realm too : RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
Do not understand if i'm missing anything else. can someone please help ?
Below is a part of the stack trace:
Caused by: java.io.IOException: failure to login
at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:782)
at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:734)
at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:607)
at org.apache.hadoop.hbase.security.User$SecureHadoopUser.<init>(User.java:285)
at org.apache.hadoop.hbase.security.User$SecureHadoopUser.<init>(User.java:281)
at org.apache.hadoop.hbase.security.User.getCurrent(User.java:185)
at org.apache.hadoop.hbase.security.UserProvider.getCurrent(UserProvider.java:88)
at org.apache.hadoop.hbase.client.ConnectionFactory.createConnection(ConnectionFactory.java:215)
at org.apache.hadoop.hbase.client.ConnectionFactory.createConnection(ConnectionFactory.java:119)
at com.yahoo.ycsb.db.HBaseClient10.init(HBaseClient10.java:149)
... 3 more
Caused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name user@EXAMPLE.COM
at org.apache.hadoop.security.User.<init>(User.java:50)
at org.apache.hadoop.security.User.<init>(User.java:43)
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:588)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:757)
at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:734)
at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:607)
at org.apache.hadoop.hbase.security.User$SecureHadoopUser.<init>(User.java:285)
at org.apache.hadoop.hbase.security.User$SecureHadoopUser.<init>(User.java:281)
at org.apache.hadoop.hbase.security.User.getCurrent(User.java:185)
at org.apache.hadoop.hbase.security.UserProvider.getCurrent(UserProvider.java:88)
at org.apache.hadoop.hbase.client.ConnectionFactory.createConnection(ConnectionFactory.java:215)
at org.apache.hadoop.hbase.client.ConnectionFactory.createConnection(ConnectionFactory.java:119)
at com.yahoo.ycsb.db.HBaseClient10.init(HBaseClient10.java:149)
at com.yahoo.ycsb.DBWrapper.init(DBWrapper.java:86)
at com.yahoo.ycsb.ClientThread.run(Client.java:424)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@EXAMPLE.COM
at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:389)
at org.apache.hadoop.security.User.<init>(User.java:48)
... 26 more
