Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Test connection fail

Highlighted

Test connection fail

Contributor

Getting below error while test connection of service in Ranger KMS. Unable to retrieve any Kms Key using given URL.

You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names

3 REPLIES 3
Highlighted

Re: Test connection fail

Guru

hey @Ankit Tripathi can you please let us know what values you are using while defining KMS repo? A screenshot will be helpful. Is Kerberos enabled on this cluster?

Re: Test connection fail

Contributor

Hi Vipin,

Yes, Keberose is enable. when I am starting my ranger kms, I am getting below exception and after that when I tried for test connection getting above msg.

INFO KMSWebApp - Initialized KeyProviderCryptoExtension EagerKeyGeneratorKeyProviderCryptoExtension: KeyProviderCryptoExtension: CachingKeyProvider: org.apache.hadoop.crypto.key.RangerKeyStoreProvider@232d4442 2016-05-23 09:55:48,818 INFO KMSWebApp - Default key bitlength is 128 2016-05-23 09:55:48,818 INFO KMSWebApp - Ranger KMS Started 2016-05-23 09:55:48,956 INFO SessionIdGenerator - Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [138] milliseconds. 2016-05-23 09:55:48,975 ERROR [/kms] - Exception starting filter authFilter javax.servlet.ServletException: org.apache.hadoop.security.authentication.client.AuthenticationException: javax.security.auth.login.LoginException: No key to store at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:241) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.init(DelegationTokenAuthenticationHandler.java:117) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:248) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.initializeAuthHandler(DelegationTokenAuthenticationFilter.java:195) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:234) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.init(DelegationTokenAuthenticationFilter.java:161) at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260) at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4828) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5508) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: javax.security.auth.login.LoginException: No key to store at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:225) ... 17 more Caused by: javax.security.auth.login.LoginException: No key to store at com.sun.security.auth.module.Krb5LoginModule.commit(Krb5LoginModule.java:1119)

4441-zuz2q.png

Highlighted

Re: Test connection fail

Explorer

Based on your exception:

Caused by: javax.security.auth.login.LoginException: No key to store at

seems there is some problem with your keytab file.

Can you check your keytab file (not empty, principals are good, file permissions)?

Don't have an account?
Coming from Hortonworks? Activate your account here