Kerberos Unable to obtain password from user

Master Guru

I am trying to connect from Squirrel to phoenix and it errors out with

        at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:202)
        at net.sourceforge.squirrel_sql.fw.sql.SQLDriverManager.getConnection(SQLDriverManager.java:133)
        at net.sourceforge.squirrel_sql.client.mainframe.action.OpenConnectionCommand.executeConnect(OpenConnectionCommand.java:167)
        ... 7 more
    Caused by: java.io.IOException: Login failure for smanjee@CLOUD.HORTONWORKS.COM from keytab /Users/smanjee/keytabs/keytab
        at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:921)
        at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:242)
        at org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
        at org.apache.hadoop.hbase.security.User.login(User.java:253)
        at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:380)
        ... 17 more
    Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
        at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)

I verified my keytab file looks good by issuing a curl webhdfs against the cluster with success. What am I missing here?

4 REPLIES

Super Guru

I think this is a permission issue for the principal smanjee for the Phoenix service. Can you try the following from the same node where you have Squirrel, and after kinit try accessing your Phoenix service from the command line? I think it would still fail, and once you resolve that with proper permissions for this user, your Squirrel issue would be resolved too. Hope this helps.

kinit -kt <your keytab file> smanjee@CLOUD.HORTONWORKS.COM

Contributor

Have you tried to specify smanjee (without the realm) as the user?

Master Mentor

@Sunile Manjee

Just tried on my cluster

$ kdestroy
[root@host ~]# sudo su - smanjee
[smanjee@host ~]$ kinit
Password for smanjee@HORTONWORKS: 
[smanjee@host ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_49393
Default principal: smanjee@HORTONWORKS
Valid starting     Expires            Service principal
11/28/16 17:06:44  11/29/16 03:06:44  krbtgt/HORTONWORKS@HORTONWORKS

Tell me whether it worked out for you

New Contributor

I was facing the same issue.

The keytab file had access granted to another user.

Provide adequate access on the keytab file for the user running the job. This will resolve the issue.
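
The keytab access problem described in the last reply can be checked before starting the client. The script below is an added example, not code from any poster in this thread; the function name `check_keytab`, its return codes, and the owner-only permission policy are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight check for a keytab used by a Kerberos JDBC client.
# Return codes (constructed for this example):
#   0 ok, 1 missing, 2 not readable by the current user,
#   3 group/other have access, 4 principal not listed in the keytab
check_keytab() {
    keytab=$1
    principal=${2:-}   # optional, e.g. user@REALM

    if [ ! -f "$keytab" ]; then
        echo "keytab not found: $keytab" >&2
        return 1
    fi

    # The login runs as the OS user that owns the JVM; that user must be
    # able to read the file (the situation the last reply describes).
    if [ ! -r "$keytab" ]; then
        echo "keytab not readable by $(id -un): $keytab" >&2
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # A keytab holds long-term keys, so only the owner should have access.
    perms=$(ls -ld "$keytab" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "keytab accessible beyond its owner ($perms): chmod 600 $keytab" >&2
        return 3
    fi

    # Optional: confirm the principal is in the keytab, if klist is installed.
    if [ -n "$principal" ] && command -v klist >/dev/null 2>&1; then
        if ! klist -kt "$keytab" 2>/dev/null | grep -F -q -- "$principal"; then
            echo "principal $principal not found in $keytab" >&2
            return 4
        fi
    fi
    return 0
}
```

Run it as the same OS user that launches the client, since readability is evaluated for the calling user.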