Support Questions

surendra_ravell · ‎10-18-2018

Hi,

I am trying to connect to kerberized HIVE from JAVA application which is running in docker container. I am able to execute kinit command successfully. 88 port is properly opened to KDC server. while making hive connection, it is failing at step "UserGroupInformation.loginUserFromKeytab("xxxxx@xxxxx.COM", "/config/xxxx.keytab");" with below error "Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.sql.DataSource]: Factory method 'dataSource' threw exception; nested exception is java.io.IOException: Login failure for xxxxx@xxxxx.COM from keytab /config/xxxx.keytab: javax.security.auth.login.LoginException: Receive timed out"

please help to analyze this issue.

Thanks,

Surendra

jsensharma · ‎10-18-2018

@Surendra Ravella

After how much time do you see "Receive timed out" message?

In your java code can you enable Kerberos Debug options?

# java -Dsun.security.krb5.debug=true YourJavaCode

.

Also can you please check if you are passing the correct details about the KDC ? Can you check if you are using correct "/etc/krb5.conf" in the path?

Can you also check if you are setting this parameter in your kewrberos config? This option forces the communication channel to use TCP instead of UDP.

udp_preference_limit = 1

If possible can you please share the code snippet?

Also the output of the following command from the host where you are running the Java code

# telnet $KDC_HOST 80

jsensharma · ‎10-18-2018

@Surendra Ravella

Reference:

https://community.hortonworks.com/content/supportkb/49610/kerberised-namanode-fails-with-connection-...

surendra_ravell · ‎10-18-2018

Hi Jay Kumar,

It is taking 90 seconds to timeout.

kinit is successfull.

port 80 is not opened.

please let me know what else i need to check.

thanks

surendra_ravell · ‎10-18-2018

kdc server port is 88 which is opened. i will add debug logs as you suggested.

surendra_ravell · ‎10-19-2018

Enabled the debug logs and found that at below point, timeout is happening..

KrbKdcReq send: kdc=xxx.xx.com UDP:88, timeout=30000, number of retries =3, #bytes=144 >>> KDCCommunication: kdc=xxx.xx.com UDP:88, timeout=30000,Attempt =1, #bytes=144

jsensharma · ‎10-19-2018

@Surendra Ravella

As you can see that it is timing out at UDP communication hence in my previous update i requested you to use the following option inside your "/etc/krb5.conf" (windows: krb5.ini) You will need to put that property under the [libdefaults] section.

This option forces the communication channel to use TCP instead of UDP.

udp_preference_limit = 1

.

Via Ambari for all ambari managed Kerberos clients you can do this as

Ambari UI  --> Kerberos  --> Configs > Advanced --> Advanced krb5-conf