Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Not able to connect to storm via rest calls when ssl and kerberos are enabled.

Highlighted

Not able to connect to storm via rest calls when ssl and kerberos are enabled.

New Contributor

Getting below error when I am trying to connect to storm.
I am using hdp2.6 and my storm services are ssl and kerberos enabled.
storm_ui_principal_name is set to its default value HTTP/_HOST@REALM

Found ticket for user@REALM to go to krbtgt/REALM@REALM expiring on Tue Oct 17 17:13:47 IST 2017
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 18 17 16 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbKdcReq send: kdc=hostname UDP:88, timeout=30000, number of retries =3, #bytes=631
>>> KDCCommunication: kdc=hostname UDP:88, timeout=30000,Attempt =1, #bytes=631
>>> KrbKdcReq send: #bytes read=176
>>> KdcAccessibility: remove hostname
>>> KDCRep: init() encoding tag is 126 req type is 13
>>>KRBError:
cTime is Fri Oct 05 05:08:11 IST 2007 1191541091000
sTime is Mon Oct 16 17:13:47 IST 2017 1508154227000
suSec is 841840
error code is 7
error Message is Server not found in Kerberos database
cname is user@REALM
sname is HTTPS/hostname@realm
msgType is 30
KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:259)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:270)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:302)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:120)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)

2 REPLIES 2
Highlighted

Re: Not able to connect to storm via rest calls when ssl and kerberos are enabled.

Contributor

How are you connecting to storm? Is it using a browser or some http client? It seems that web server host name is not configured correctly?

Re: Not able to connect to storm via rest calls when ssl and kerberos are enabled.

New Contributor

I am connecting through a java class where -Djava.security.auth.login.config is set.

In the logs, the storm principal it is connecting to is HTTPS/hostname@realm by default where as it is set to HTTP/hostname@realm in Ambari.

Don't have an account?
Coming from Hortonworks? Activate your account here