osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos Configuration Does Not Apply To Krb5LoginModule


Hi Paul,

Maybe Aljoscha (in CC) can help you with this question.
AFAIK, he has some experience with Flink and Kerberos.

Best, Fabian

2018-08-13 14:51 GMT+02:00 Paul Lam <paullin3280@xxxxxxxxx>:
Hi, 

I built Flink from the latest 1.5.x source code, and got some strange outputs from the command line when submitting a Flink job to the YARN cluster. 

2018-08-13 19:29:47,325 INFO  org.apache.flink.yarn.AbstractYarnClusterDescriptor           - YARN application has been deployed successfully.
Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /home/hadoop/keytab/catmint.keytab refreshKrb5Config is true principal is flink/gdc-flinkyarngw01-catmint.i.nease.net@NIE.NETEASE.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Will use keytab
Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is null
null credentials from Ticket Cache
[Krb5LoginModule] authentication failed 
Unable to obtain Principal Name for authentication 
Commit Succeeded

There were two authentication logging outputs, both were printed to the stdout. The former one is right, and the later is not.

It seemed that the Krb5LoginModule failed to read the configuration file and thus used the ticket cache for authentication. I’ve looked into the code, but still have no clue about where these logs came from. 

Could someone help me with this? Thanks!

Best Regards, 
Paul Lam