I am developing an Java Application and this application is saving a result data to HDFS. The java Application should run in my windows machine.
We using Kerberos Authentication and we placed a keytab file in NAS drive. And we saved Hadoop config Files in the same NAS drive.
My issues is when I load the Hadoop config files from NAS drive, Its throwing me some Authetication error, But my application is running fine if I load the config files from my local File System (I also saved the config files inside C:\Hadoop)
Below is my working code snippet. (keytab file in NAS, Hadoop config files in local file system)
static String KeyTabPath = "\\\\path\\2\\keytabfile\\name.keytab"
Configuration config = new Configuration();
config.set("fs.defaultFS", "hdfs://xxx.xx.xx.com:8020");
config.addResource(new Path("C:\\Hadoop\\core-site.xml"));
config.addResource(new Path("C:\\Hadoop\\hdfs-site.xml"));
config.addResource(new Path("C:\\Hadoop\\mapred-site.xml"));
config.addResource(new Path("C:\\Hadoop\\yarn-site.xml"));
config.set("fs.hdfs.impl", org.apache.hadoop.hdfs.DistributedFileSystem.class.getName());
config.set("fs.file.impl",org.apache.hadoop.fs.LocalFileSystem.class.getName());
// Kerberos Authentication
config.set("hadoop.security.authentication", "Kerberos");
UserGroupInformation.setConfiguration(config);
UserGroupInformation.loginUserFromKeytab("name@xx.xx.COM",KeyTabPath);
I tried loading config files also from the NAS drive but getting kerberos authentication error. Below is the code snippet which throwing error (Keytab file in NAS and Hadoop config files also in NAS)
static String KeyTabPath = "\\\\path\\2\\keytabfile\\name.keytab"
Configuration config = new Configuration();
config.set("fs.defaultFS", "hdfs://xxx.xx.xx.com:8020");
config.addResource(new Path("\\\\NASDrive\\core-site.xml"));
config.addResource(new Path("\\\\NASDrive\\hdfs-site.xml"));
config.addResource(new Path("\\\\NASDrive\\mapred-site.xml"));
config.addResource(new Path("\\\\NASDrive\\yarn-site.xml"));
config.set("fs.hdfs.impl", org.apache.hadoop.hdfs.DistributedFileSystem.class.getName());
config.set("fs.file.impl",org.apache.hadoop.fs.LocalFileSystem.class.getName());
// Kerberos Authentication
config.set("hadoop.security.authentication", "Kerberos");
UserGroupInformation.setConfiguration(config);
UserGroupInformation.loginUserFromKeytab("name@xx.xx.COM",KeyTabPath);
Below is the Error Message
java.io.IOException: Login failure for name@XX.XX.COM from keytab \\NASdrive\name.keytab: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name name@XX.XX.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@XX.XX.COM
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
at Appname.ldapLookupLoop(Appname.java:111)
at Appname.main(Appname.java:70)
Caused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name name@XX.XX.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@XX.XX.COM
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
... 2 more
Caused by: java.lang.IllegalArgumentException: Illegal principal name name@XX.XX.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@XX.XX.COM
at org.apache.hadoop.security.User.<init>(User.java:51)
at org.apache.hadoop.security.User.<init>(User.java:43)
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:197)
... 14 more
Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@XX.XX.COM
at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:389)
at org.apache.hadoop.security.User.<init>(User.java:48)
... 16 more
Jul 06, 2016 4:29:14 PM com.XX.it.logging.JdkMapper info
INFO: IO Exception occured: java.io.IOException: Login failure for name@XX.XX.COM from keytab \\NASdrive\name.keytab: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name name@XX.XX.COM: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@XX.XX.COM
So issues seems to be loading the config file. My application reading the keytab file fine from NAS drive, but not the Hadoop config files. What could be the issue. I checked all the NAS Drive permissions and file permissions. Everthing is fine. I dont know where the issue is. please anyone help me to find out the issue.
