some problems related to hiveserver2 with kerberos #469
Comments
|
This line doesn't look right to me: https://gist.github.com/nice-journey/40148566b92e894a16cb28aa682a2740#file-gistfile1-txt-L34 If SPNEGO is not used I'm not sure why the spnego package is being used at this line: https://gist.github.com/nice-journey/40148566b92e894a16cb28aa682a2740#file-gistfile1-txt-L48 Perhaps you just need to create a generic AP request as documented at https://github.com/jcmturner/gokrb5/blob/master/v8/USAGE.md#generic-kerberos-client What form of token does hiveserver2 expect and how do you transport it to the server? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi hello.
Although I have used a lot of time to read the source code of this repo, blog about kerberos and research the method to access hiveserver2 with kerberos, I also stuck to one problem for server days.
Due to the fact that hiveserver2 does not use spnego protocol, so I need to write adapted codes, such as the following gist:
https://gist.github.com/nice-journey/40148566b92e894a16cb28aa682a2740
In the gist code, the first step, access to AS server, and the second step, access to TGS server is ok and no error return.
the third step, line 71 of code, has encountered the following error log of hiveserver2, although the send method does not return error.
The hiveserver2 log is
2022-06-04 01:07:16,919 DEBUG org.apache.thrift.transport.TSaslServerTransport: [HiveServer2-Handler-Pool: Thread-43]: transport map does not contain key 2022-06-04 01:07:16,919 DEBUG org.apache.thrift.transport.TSaslTransport: [HiveServer2-Handler-Pool: Thread-43]: opening transport org.apache.thrift.transport.TSaslServerTransport@5839534b 2022-06-04 01:07:16,923 DEBUG org.apache.thrift.transport.TSaslTransport: [HiveServer2-Handler-Pool: Thread-43]: SERVER: Writing message with status ERROR and payload length 17 2022-06-04 01:07:16,923 DEBUG org.apache.thrift.transport.TSaslServerTransport: [HiveServer2-Handler-Pool: Thread-43]: failed to open server transport org.apache.thrift.transport.TTransportException: Invalid status 96 at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232) at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:184) at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125) at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41) at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:794) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:791) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1904) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:791) at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) 2022-06-04 01:07:16,924 ERROR org.apache.thrift.server.TThreadPoolServer: [HiveServer2-Handler-Pool: Thread-43]: Error occurred during processing of message. java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Invalid status 96 at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:794) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge.java:791) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1904) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge.java:791) at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: org.apache.thrift.transport.TTransportException: Invalid status 96 at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232) at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:184) at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125) at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271) at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41) at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216) ... 10 moreI maybe not fully understood the kerberos, could you give me some advices?
The text was updated successfully, but these errors were encountered: