Support Questions

Find answers, ask questions, and share your expertise

Hive Server2 going down,

avatar
Expert Contributor
 2017-04-01 16:47:22,104 ERROR transport.TSaslTransport (TSaslTransport.java:open(315)) - SASL negotiation failure
javax.security.sasl.SaslException: Error validating the login [Caused by javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: passwd]
        at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:109)
        at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:539)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:283)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.AuthenticationException: Error authenticating with the PAM service: passwd
        at org.apache.hive.service.auth.PamAuthenticationProviderImpl.Authenticate(PamAuthenticationProviderImpl.java:46)
        at org.apache.hive.service.auth.PlainSaslHelper$PlainServerCallbackHandler.handle(PlainSaslHelper.java:106)
        at org.apache.hive.service.auth.PlainSaslServer.evaluateResponse(PlainSaslServer.java:102)
        ... 8 more

2017-03-25 23:22:02,055 INFO exec.TableScanOperator (Operator.java:close(635)) - 1747 Close done 2017-03-25 23:22:02,102 INFO log.PerfLogger (PerfLogger.java:PerfLogBegin(121)) - <PERFLOG method=releaseLocks from=org.apache.hadoop.hive.ql.Driver> 2017-03-25 23:22:02,102 INFO log.PerfLogger (PerfLogger.java:PerfLogEnd(148)) - </PERFLOG method=releaseLocks start=1490455322102 end=1490455322102 duration=0 from=org.apache.hadoop.hive.ql.Driver> 2017-03-25 23:22:50,108 ERROR transport.TSaslTransport

14 REPLIES 14

avatar
Expert Contributor
javax.security.sasl.SaslException:Error validating the login [Causedby javax.security.sasl.AuthenticationException:Error authenticating with the PAM service: passwd]

avatar
Master Mentor

@zkfs

Please refer to the following article to validate your PAM configuration: https://community.hortonworks.com/content/supportkb/48753/how-to-use-pam-for-hiveserver2-authenticat...

Still if you face any issue then please share the hive configs. HiveServer2 log (with complete stackTrace) and verify if your passwd file has correct permission and is in correct format.

.

avatar
Expert Contributor

thanks for your reply, will check and update

avatar
Expert Contributor

avatar
Expert Contributor

These given parameter all ready in place, only these permision are missing. Is this permission alos will get effect.

# chmod 744 /etc/passwd

# chmod 744 /etc/shadow

avatar
Expert Contributor

these permission are in place ,still we getting an error.

avatar
Master Mentor

@zkfs

Yes, those permissions should be 744 as mentioned in the previously shared article (Exampel # chmod 744 /etc/pam.d/passwd) : https://community.hortonworks.com/content/supportkb/48753/how-to-use-pam-for-hiveserver2-authenticat...

Need to provide execute permission of "/etc/pam.d/passwd" (744) to the root user or the super user used to start hive server2. Also provide read execute permission of /etc/passwd and /etc/shadow (744) to the root user or the super user used to start hiveserver2 (e.g. user hive)

avatar
Expert Contributor

We able to start and stoping the serviec Ambari WI, we not facing any issue with that.

It has following permission. other as well same.

-rw-r--r-- 1 root root 133 /etc/pam.d/passwd

avatar
Master Mentor

@zkfs

As mentioned earlier "Need to provide execute permission of "/etc/pam.d/passwd" (744)" That is needed for the root user or the super user used to start hive server2.

Can you please try that... if that does not work then you can easily revert it back.