(DEPRECATED) Apache Flink User Mailing List archive.

Kerberos Configuration Does Not Apply To Krb5LoginModule

classic Classic list List threaded Threaded
2 messages Options
Paul Lam
Reply | Threaded
Open this post in threaded view
|

Kerberos Configuration Does Not Apply To Krb5LoginModule

Paul Lam
Hi, 

I built Flink from the latest 1.5.x source code, and got some strange outputs from the command line when submitting a Flink job to the YARN cluster. 

2018-08-13 19:29:47,325 INFO  org.apache.flink.yarn.AbstractYarnClusterDescriptor           - YARN application has been deployed successfully.
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /home/hadoop/keytab/catmint.keytab refreshKrb5Config is true principal is [hidden email] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
principal is [hidden email]
Will use keytab
Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is null
null credentials from Ticket Cache
[Krb5LoginModule] authentication failed 
Unable to obtain Principal Name for authentication 
Commit Succeeded

There were two authentication logging outputs, both were printed to the stdout. The former one is right, and the later is not.

It seemed that the Krb5LoginModule failed to read the configuration file and thus used the ticket cache for authentication. I’ve looked into the code, but still have no clue about where these logs came from. 

Could someone help me with this? Thanks!

Best Regards, 
Paul Lam
Fabian Hueske-2
Reply | Threaded
Open this post in threaded view
|

Re: Kerberos Configuration Does Not Apply To Krb5LoginModule

Fabian Hueske-2
Hi Paul,

Maybe Aljoscha (in CC) can help you with this question.
AFAIK, he has some experience with Flink and Kerberos.

Best, Fabian

2018-08-13 14:51 GMT+02:00 Paul Lam <[hidden email]>:
Hi, 

I built Flink from the latest 1.5.x source code, and got some strange outputs from the command line when submitting a Flink job to the YARN cluster. 

2018-08-13 19:29:47,325 INFO  org.apache.flink.yarn.AbstractYarnClusterDescriptor           - YARN application has been deployed successfully.
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /home/hadoop/keytab/catmint.keytab refreshKrb5Config is true principal is [hidden email] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
principal is [hidden email]
Will use keytab
Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is null
null credentials from Ticket Cache
[Krb5LoginModule] authentication failed 
Unable to obtain Principal Name for authentication 
Commit Succeeded

There were two authentication logging outputs, both were printed to the stdout. The former one is right, and the later is not.

It seemed that the Krb5LoginModule failed to read the configuration file and thus used the ticket cache for authentication. I’ve looked into the code, but still have no clue about where these logs came from. 

Could someone help me with this? Thanks!

Best Regards, 
Paul Lam
Free forum by Nabble Edit this page