Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Hive Server2 going down,

Expert Contributor
 2017-04-01 16:47:22,104 ERROR transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: passwd]
        at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
        at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: passwd
        at org.apache.hive.service.auth.PamAuthenticationProviderImpl.Authenticate(PamAuthenticationProviderImpl.java:46)
        at org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
        at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
        ... 8 more

2017-03-25 23:22:02,055 INFO exec.TableScanOperator (Operator.java:close(635)) - 1747 Close done 2017-03-25 23:22:02,102 INFO log.PerfLogger (PerfLogger.java:PerfLogBegin(121)) - <PERFLOG method=releaseLocks from=org.apache.hadoop.hive.ql.Driver> 2017-03-25 23:22:02,102 INFO log.PerfLogger (PerfLogger.java:PerfLogEnd(148)) - </PERFLOG method=releaseLocks start=1490455322102 end=1490455322102 duration=0 from=org.apache.hadoop.hive.ql.Driver> 2017-03-25 23:22:50,108 ERROR transport.TSaslTransport

14 REPLIES 14

Expert Contributor
javax.security.sasl.SaslException:Error validating the login [Causedby javax.security.sasl.AuthenticationException:Error authenticating with the PAM service: passwd]

Super Mentor

@zkfs

Please refer to the following article to validate your PAM configuration: https://community.hortonworks.com/content/supportkb/48753/how-to-use-pam-for-hiveserver2-authenticat...

Still if you face any issue then please share the hive configs. HiveServer2 log (with complete stackTrace) and verify if your passwd file has correct permission and is in correct format.

.

Expert Contributor

thanks for your reply, will check and update

Rising Star

Expert Contributor

These given parameter all ready in place, only these permision are missing. Is this permission alos will get effect.

# chmod 744 /etc/passwd

# chmod 744 /etc/shadow

Expert Contributor

these permission are in place ,still we getting an error.

Super Mentor

@zkfs

Yes, those permissions should be 744 as mentioned in the previously shared article (Exampel # chmod 744 /etc/pam.d/passwd) : https://community.hortonworks.com/content/supportkb/48753/how-to-use-pam-for-hiveserver2-authenticat...

Need to provide execute permission of "/etc/pam.d/passwd" (744) to the root user or the super user used to start hive server2. Also provide read execute permission of /etc/passwd and /etc/shadow (744) to the root user or the super user used to start hiveserver2 (e.g. user hive)

Expert Contributor

We able to start and stoping the serviec Ambari WI, we not facing any issue with that.

It has following permission. other as well same.

-rw-r--r-- 1 root root 133 /etc/pam.d/passwd

Super Mentor

@zkfs

As mentioned earlier "Need to provide execute permission of "/etc/pam.d/passwd" (744)" That is needed for the root user or the super user used to start hive server2.

Can you please try that... if that does not work then you can easily revert it back.

Expert Contributor

Sure i will try and update you. Thank you for your infomation

Expert Contributor

Still we getting this error, have anyone faced same issue for HiverServer2.

2017-04-01 16:47:22,104 ERROR transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: passwd]
        at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
        at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: passwd
        at org.apache.hive.service.auth.PamAuthenticationProviderImpl.Authenticate(PamAuthenticationProviderImpl.java:46)
        at org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
        at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
        ... 8 more


Guru
@zkfs

on which node are you changing the permissions ? You should do that on the namenode.

Expert Contributor

Yep did in master node only

Expert Contributor

Our Hive Server2 going down for this issue.

Have anyone implemented this steps and it working fine.

https://community.hortonworks.com/articles/591/using-hive-with-pam-authentication.html