Created 10-18-2018 02:43 AM
I am trying to connect to kerberized Hive from a Java application which is running in a Docker container. I am able to execute the kinit command successfully. Port 88 is properly opened to the KDC server. While making the Hive connection, it is failing at the step "UserGroupInformation.loginUserFromKeytab("xxxxx@xxxxx.COM", "/config/xxxx.keytab");" with the error below:
"Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.sql.DataSource]: Factory method 'dataSource' threw exception; nested exception is java.io.IOException: Login failure for xxxxx@xxxxx.COM from keytab /config/xxxx.keytab: javax.security.auth.login.LoginException: Receive timed out"
Please help to analyze this issue.
Created 10-18-2018 02:47 AM
After how much time do you see "Receive timed out" message?
In your java code can you enable Kerberos Debug options?
# java -Dsun.security.krb5.debug=true YourJavaCode
Also, can you please check if you are passing the correct details about the KDC? Can you check if you are using the correct "/etc/krb5.conf" in the path?
Can you also check if you are setting this parameter in your Kerberos config? This option forces the communication channel to use TCP instead of UDP.
udp_preference_limit = 1
If possible, can you please share the code snippet?
Also the output of the following command from the host where you are running the Java code:
# telnet $KDC_HOST 80
Created 10-18-2018 02:51 AM
Created 10-18-2018 04:47 AM
Hi Jay Kumar,
It is taking 90 seconds to time out.
kinit is successful.
Port 80 is not opened.
Please let me know what else I need to check.
Created 10-18-2018 04:49 AM
The KDC server port is 88, which is opened. I will add debug logs as you suggested.
Created 10-19-2018 06:37 AM
Enabled the debug logs and found that the timeout is happening at the point below:
KrbKdcReq send: kdc=xxx.xx.com UDP:88, timeout=30000, number of retries =3, #bytes=144
>>> KDCCommunication: kdc=xxx.xx.com UDP:88, timeout=30000,Attempt =1, #bytes=144
Created 10-19-2018 07:26 AM
As you can see, it is timing out at UDP communication; hence in my previous update I requested you to use the following option inside your "/etc/krb5.conf" (Windows: krb5.ini). You will need to put that property under the [libdefaults] section.
This option forces the communication channel to use TCP instead of UDP.
udp_preference_limit = 1
Via Ambari, for all Ambari-managed Kerberos clients, you can do this at:
Ambari UI --> Kerberos --> Configs --> Advanced --> Advanced krb5-conf
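
An added example, not part of the thread: a small shell check that reads the udp_preference_limit actually set under [libdefaults] in a given krb5.conf and reports whether a request of the size seen in the debug log (144 bytes) would go over TCP first. The function names and the sample files are constructed for illustration; a key placed in any other section, or commented out, is reported as unset.

```shell
#!/bin/sh
# Added example, not from the thread; the sample configs are constructed.

# Print udp_preference_limit from [libdefaults] of krb5.conf FILE ($1),
# or "unset" when that section does not set it.
krb5_udp_limit() {
    awk '
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*\[/ {                          # section header, e.g. [realms]
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        sec == "libdefaults" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "udp_preference_limit") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Exit 0 only when FILE ($1) explicitly sets a limit smaller than the
# request size BYTES ($2), i.e. the request goes over TCP first.
krb5_tcp_forced() {
    limit=$(krb5_udp_limit "$1")
    case $limit in
        ''|*[!0-9]*) return 1 ;;               # unset or not a number
    esac
    [ "$2" -gt "$limit" ]
}

# Constructed samples: a config without the option and one with it.
demo=$(mktemp -d)
printf '%s\n' '[libdefaults]' '  default_realm = EXAMPLE.COM' \
    '[realms]' '  EXAMPLE.COM = {' '    kdc = kdc.example.com' '  }' > "$demo/before.conf"
printf '%s\n' '[libdefaults]' '  default_realm = EXAMPLE.COM' \
    '  udp_preference_limit = 1' > "$demo/after.conf"
for f in "$demo/before.conf" "$demo/after.conf"; do
    if krb5_tcp_forced "$f" 144; then          # 144 = #bytes in the debug log
        echo "${f##*/}: limit=$(krb5_udp_limit "$f") -> TCP first"
    else
        echo "${f##*/}: limit=$(krb5_udp_limit "$f") -> TCP not forced"
    fi
done
rm -rf "$demo"
```

Run it against the krb5.conf inside the container image, since that is the file the Java process reads there.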