Hi guys, When I try access HBase in HUE I got the following error: Api Error: Unable to authenticate <Response [401]> And in Thrift Server log: 2017-04-19 10:40:47,312 ERROR [1884538648@qtp-1493988307-4] thrift.ThriftHttpServlet: Kerberos Authentication failed
org.apache.hadoop.hbase.thrift.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:139)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:86)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:767)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: java.lang.reflect.UndeclaredThrowableException
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1742)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:134)
... 16 more
Caused by: org.apache.hadoop.hbase.thrift.HttpAuthenticationException: Kerberos authentication failed:
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:190)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:144)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724)
... 17 more
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:178)
... 21 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:102)
at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:94)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:291)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:159)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
... 24 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451)
at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:272)
at sun.security.krb5.internal.crypto.Aes256.decrypt(Aes256.java:76)
at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:100)
... 30 more hbase-site.xml: hbase.thrift.security.qop = auth
hbase.thrift.keytab.file = /etc/security/keytabs/hbase.service.keytab
hbase.thrift.kerberos.principal = hbase/_HOST@<myrealm>
Test Thrift server as "hbase" user: [$]hbase org.apache.hadoop.hbase.thrift.HttpDoAsClient <myhost> 9090 hbase true
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Acquire TGT from Cache
Principal is hbase/<myhost>@<myrealm>
Commit Succeeded
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Acquire TGT from Cache
Principal is hbase/<myhost>@<myrealm>
Commit Succeeded
scanning tables...
Ticket is: Negotiate YIICcgYJKoZIhvcSAQICAQBuggJhMIICXaADAgEFoQMCAQ6iBwMFACAAAACjggFmYYIBYjCCAV6gAwIBBaEMGwpIQURPT1AuQ09NoiIwIKADAgEAoRkwFxsFaGJhc2UbDmhhZG9vcDEubG9jYWxko4IBIzCCAR+gAwIBEqEDAgEGooIBEQSCAQ0ZZ0Vi9KwMpyA65xvKOwm7bXFnTr4EXwWj7ikQ8U6HPh2RfHwO39T76vyBFzR0D3Oervgpr4jyKyT+o0NYylSKwDr4iPUpZPUeRzi5wWxgb4+bPDB/UwgYzZOMXtv4Ewx8KuSzafv8Nxc/3X32cOD2gXZ2l4DpVO4HcZDZ/7DOmQRAYzXclkIRuWfMyYxqnjx9ebqTph/18e1OrAeADnOYYORPtUHvKDydVVlEO5k0zp0LBdj68TOD40TzX+ED3K8yurXoU3UWuAg6/vGV+5s4T7J5R+7uMolhwjL4utxi95rCzbDgE6bVeOp92SiZUtGZKWcLze1F7SpFIvbSmkrFs94/Laey5+5c+yOY56SB3TCB2qADAgESooHSBIHPcgeIkkTSTYOxT7rZDtuXijHPf3h+j/p8lB6B07Saw4wwA82P6TPesozw0Tl/G4m/mabuyJgDHqHEyxu2/eG0tDD1V3eVs+x8y+EptcGI0wvCaSvK0S4Q8kZ30bRV7NFegtS1LlYbfbXD7zqrX1CByqr3s92DAzuc8CO6yRY18ZNs8aiP0BhVciVT2pwwTl86iA3ZJbW2JsGgnr1uif/0tqqI6yaZvoANVCAk/6LZXZm1LjJiS7BqCFRdWMIs2Ujl3NFzPnD446+s0r/rCxdn found: ATLAS_ENTITY_AUDIT_EVENTS
found: SESSIONS_SECONDARY
found: atlas_titan
found: demo_table I have configured 2 KDCs master/slave and one-way trust to AD @EDIT I am obtaining "Authorization header received from the client is empty." now. HBase Thrift log: 2017-04-27 12:32:49,220 ERROR [1560162680@qtp-1865201235-5] thrift.ThriftHttpServlet: Failed to perform authentication
2017-04-27 12:32:49,220 ERROR [1560162680@qtp-1865201235-5] thrift.ThriftHttpServlet: Kerberos Authentication failed
org.apache.hadoop.hbase.thrift.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:139)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:86)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:767)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: java.lang.reflect.UndeclaredThrowableException
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1742)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:134)
... 16 more
Caused by: org.apache.hadoop.hbase.thrift.HttpAuthenticationException: Authorization header received from the client is empty.
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.getAuthHeader(ThriftHttpServlet.java:212)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:176)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:144)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724)
... 17 more
2017-04-27 12:32:49,229 ERROR [1560162680@qtp-1865201235-5] thrift.ThriftHttpServlet: Failed to perform authentication
2017-04-27 12:32:49,229 ERROR [1560162680@qtp-1865201235-5] thrift.ThriftHttpServlet: Kerberos Authentication failed
org.apache.hadoop.hbase.thrift.HttpAuthenticationException: java.lang.reflect.UndeclaredThrowableException
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:139)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:86)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:767)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: java.lang.reflect.UndeclaredThrowableException
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1742)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet.doKerberosAuth(ThriftHttpServlet.java:134)
... 16 more
Caused by: org.apache.hadoop.hbase.thrift.HttpAuthenticationException: Kerberos authentication failed:
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:190)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:144)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724)
... 17 more
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at org.apache.hadoop.hbase.thrift.ThriftHttpServlet$HttpKerberosServerAction.run(ThriftHttpServlet.java:178)
... 21 more
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:102)
at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:94)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:291)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:159)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829)
... 24 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451)
at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:272)
at sun.security.krb5.internal.crypto.Aes256.decrypt(Aes256.java:76)
at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:100)
... 30 more
and Hue error.log: [27/Apr/2017 12:49:20 +0200] views ERROR failed to parse input as json
Traceback (most recent call last):
File "/home/hue/hue/hue/apps/hbase/src/hbase/views.py", line 55, in safe_json_load
return json.loads(re.sub(r'(?:\")([0-9]+)(?:\")', r'\1', str(raw)))
File "/usr/lib64/python2.6/json/__init__.py", line 307, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.6/json/decoder.py", line 319, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.6/json/decoder.py", line 338, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
[27/Apr/2017 12:49:20 +0200] api ERROR failed to load the HBase clusters
Traceback (most recent call last):
File "/home/hue/hue/hue/apps/hbase/src/hbase/api.py", line 64, in getClusters
full_config = json.loads(conf.HBASE_CLUSTERS.get().replace("'", "\""))
File "/usr/lib64/python2.6/json/__init__.py", line 307, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.6/json/decoder.py", line 319, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.6/json/decoder.py", line 338, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
[27/Apr/2017 12:49:20 +0200] views ERROR failed to parse input as json
Traceback (most recent call last):
File "/home/hue/hue/hue/apps/hbase/src/hbase/views.py", line 55, in safe_json_load
return json.loads(re.sub(r'(?:\")([0-9]+)(?:\")', r'\1', str(raw)))
File "/usr/lib64/python2.6/json/__init__.py", line 307, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.6/json/decoder.py", line 319, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.6/json/decoder.py", line 338, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
[27/Apr/2017 12:49:20 +0200] views ERROR failed to parse input as json
Traceback (most recent call last):
File "/home/hue/hue/hue/apps/hbase/src/hbase/views.py", line 55, in safe_json_load
return json.loads(re.sub(r'(?:\")([0-9]+)(?:\")', r'\1', str(raw)))
File "/usr/lib64/python2.6/json/__init__.py", line 307, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.6/json/decoder.py", line 319, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.6/json/decoder.py", line 338, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
[27/Apr/2017 12:49:20 +0200] api ERROR failed to load the HBase clusters
Traceback (most recent call last):
File "/home/hue/hue/hue/apps/hbase/src/hbase/api.py", line 64, in getClusters
full_config = json.loads(conf.HBASE_CLUSTERS.get().replace("'", "\""))
File "/usr/lib64/python2.6/json/__init__.py", line 307, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.6/json/decoder.py", line 319, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.6/json/decoder.py", line 338, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
[27/Apr/2017 12:49:20 +0200] kerberos_ ERROR authenticate_server(): Authenticate header:
[27/Apr/2017 12:49:20 +0200] kerberos_ ERROR authenticate_server(): authGSSClientStep() failed:
Traceback (most recent call last):
File "/home/hue/hue/hue/build/env/lib/python2.6/site-packages/requests_kerberos-0.6.1-py2.6.egg/requests_kerberos/kerberos_.py", line 229, in authenticate_server
_negotiate_value(response))
GSSError: (('Invalid token was supplied', 589824), ('Success', 100001))
[27/Apr/2017 12:49:20 +0200] kerberos_ ERROR handle_mutual_auth(): Mutual authentication failed
[27/Apr/2017 12:49:20 +0200] thrift_util ERROR Thrift saw exception (this may be expected).
Traceback (most recent call last):
File "/home/hue/hue/hue/desktop/core/src/desktop/lib/thrift_util.py", line 425, in wrapper
ret = res(*args, **kwargs)
File "/home/hue/hue/hue/apps/hbase/gen-py/hbased/Hbase.py", line 53, in decorate
return func(*args, **kwargs)
File "/home/hue/hue/hue/apps/hbase/gen-py/hbased/Hbase.py", line 832, in getTableNames
self.send_getTableNames()
File "/home/hue/hue/hue/apps/hbase/gen-py/hbased/Hbase.py", line 840, in send_getTableNames
self._oprot.trans.flush()
File "/home/hue/hue/hue/build/env/lib/python2.6/site-packages/thrift-0.9.1-py2.6-linux-x86_64.egg/thrift/transport/TTransport.py", line 170, in flush
self.__trans.flush()
File "/home/hue/hue/hue/desktop/core/src/desktop/lib/thrift_/http_client.py", line 84, in flush
self._data = self._root.post('', data=data, headers=self._headers)
File "/home/hue/hue/hue/desktop/core/src/desktop/lib/rest/resource.py", line 132, in post
allow_redirects=allow_redirects, clear_cookies=clear_cookies)
File "/home/hue/hue/hue/desktop/core/src/desktop/lib/rest/resource.py", line 81, in invoke
clear_cookies=clear_cookies)
File "/home/hue/hue/hue/desktop/core/src/desktop/lib/rest/http_client.py", line 173, in execute
raise self._exc_class(ex)
RestException: Unable to authenticate <Response [401]>
... View more
