Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Problems with kerberos in the command console.

Problems with kerberos in the command console.

New Contributor

Hi

 

I have configured kerberos with the active directory, all functions in web work (HUE), only when I want the command in hdfs dfs -ls / in the console I get the following error.

Problems with kerberos in the command console.

 

18/10/30 11:26:28 DEBUG util.Shell: setsid exited with exit code 0
18/10/30 11:26:29 DEBUG conf.Configuration: parsing URL jar:file:/opt/cloudera/parcels/CDH-5.8.4-1.cdh5.8.4.p0.5/jars/hadoop-common-2.6.0-cdh5.8.4.jar!/core-default.xml
18/10/30 11:26:29 DEBUG conf.Configuration: parsing input stream sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream@36b4361a
18/10/30 11:26:29 DEBUG conf.Configuration: parsing URL file:/etc/hadoop/conf.cloudera.yarn/core-site.xml
18/10/30 11:26:29 DEBUG conf.Configuration: parsing input stream java.io.BufferedInputStream@29d52a29
18/10/30 11:26:29 DEBUG core.Tracer: sampler.classes = ; loaded no samplers
18/10/30 11:26:29 TRACE core.TracerId: ProcessID(fmt=%{tname}/%{ip}): computed process ID of "FsShell/172.16.198.78"
18/10/30 11:26:29 TRACE core.TracerPool: TracerPool(Global): adding tracer Tracer(FsShell/172.16.198.78)
18/10/30 11:26:29 DEBUG core.Tracer: span.receiver.classes = ; loaded no span receivers
18/10/30 11:26:29 TRACE core.Tracer: Created Tracer(FsShell/172.16.198.78) for FsShell
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginSuccess with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Rate of successful kerberos logins and latency (milliseconds)], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.loginFailure with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Rate of failed kerberos logins and latency (milliseconds)], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field org.apache.hadoop.metrics2.lib.MutableRate org.apache.hadoop.security.UserGroupInformation$UgiMetrics.getGroups with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[GetGroups], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field private org.apache.hadoop.metrics2.lib.MutableGaugeLong org.apache.hadoop.security.UserGroupInformation$UgiMetrics.renewalFailuresTotal with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Renewal failures since startup], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG lib.MutableMetricsFactory: field private org.apache.hadoop.metrics2.lib.MutableGaugeInt org.apache.hadoop.security.UserGroupInformation$UgiMetrics.renewalFailures with annotation @org.apache.hadoop.metrics2.annotation.Metric(valueName=Time, value=[Renewal failures since last successful login], about=, type=DEFAULT, always=false, sampleName=Ops)
18/10/30 11:26:29 DEBUG impl.MetricsSystemImpl: UgiMetrics, User and group related metrics
18/10/30 11:26:29 DEBUG security.SecurityUtil: Setting hadoop.security.token.service.use_ip to true
Java config name: null
Native config name: /etc/krb5.conf
Loaded from native config
18/10/30 11:26:29 DEBUG security.Groups: Creating new Groups object
18/10/30 11:26:29 DEBUG security.Groups: Group mapping impl=org.apache.hadoop.security.ShellBasedUnixGroupsMapping; cacheTimeout=300000; warningDeltaMs=5000
>>>DEBUG <CCacheInputStream> client principal is user@Mydomain.com
>>>DEBUG <CCacheInputStream> server principal is krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
>>>DEBUG <CCacheInputStream> key type: 23
>>>DEBUG <CCacheInputStream> auth time: Tue Oct 30 11:22:10 BOT 2018
>>>DEBUG <CCacheInputStream> start time: Tue Oct 30 11:22:10 BOT 2018
>>>DEBUG <CCacheInputStream> end time: Tue Oct 30 21:22:10 BOT 2018
>>>DEBUG <CCacheInputStream> renew_till time: Tue Nov 06 11:22:10 BOT 2018
>>> CCacheInputStream: readFlags() FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
18/10/30 11:26:29 DEBUG security.UserGroupInformation: hadoop login
18/10/30 11:26:29 DEBUG security.UserGroupInformation: hadoop login commit
18/10/30 11:26:29 DEBUG security.UserGroupInformation: using kerberos user:USER@MYDOMAIN.COM
18/10/30 11:26:29 DEBUG security.UserGroupInformation: Using user: "user@MYDOMAIN.COM" with name user@MYDOMAIN.COM
18/10/30 11:26:29 DEBUG security.UserGroupInformation: failure to login
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name user@MYDOMAIN.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@MYDOMAIN.COM
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:217)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:596)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:839)
at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:801)
at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:674)
at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2860)
at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2852)
at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2715)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:383)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:182)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:367)
at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
at org.apache.hadoop.fs.shell.PathData.expandAsGlob(PathData.java:325)
at org.apache.hadoop.fs.shell.Command.expandArgument(Command.java:235)
at org.apache.hadoop.fs.shell.Command.expandArguments(Command.java:218)
at org.apache.hadoop.fs.shell.FsCommand.processRawArguments(FsCommand.java:102)
at org.apache.hadoop.fs.shell.Command.run(Command.java:165)
at org.apache.hadoop.fs.FsShell.run(FsShell.java:315)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)
at org.apache.hadoop.fs.FsShell.main(FsShell.java:372)
Caused by: java.lang.IllegalArgumentException: Illegal principal name user@MYDOMAIN.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@MYDOMAIN.COM
at org.apache.hadoop.security.User.<init>(User.java:50)
at org.apache.hadoop.security.User.<init>(User.java:43)
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:215)
... 30 more
Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user@MYDOMAIN.COM
at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:400)
at org.apache.hadoop.security.User.<init>(User.java:48)
... 32 more
ls: failure to login
18/10/30 11:26:29 TRACE core.TracerPool: TracerPool(Global): removing tracer Tracer(FsShell/172.16.198.78)

 

 

1 REPLY 1
Highlighted

Re: Problems with kerberos in the command console.

New Contributor

As an additional data, this problem started to appear after updating the JDK1 to the version build 1.8.0_144-b01, can someone help me?

I followed these same steps:
https://www.cloudera.com/documentation/enterprise/upgrade/topics/ug_jdk8.html