-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
6u31
-
None
FULL PRODUCT VERSION :
A DESCRIPTION OF THE PROBLEM :
There is no configuration issue, the principals match and kerberos functions, but when enabling debugging, the following occurs:
I am able to reproduce this in a working cluster by enabling Kerberos debug (HADOOP_OPTS= " -Dsun.security.krb5.debug=true " ):
+ exec /usr/lib/hadoop-hdfs/bin/hdfs --config /var/run/cloudera-scm-agent/process/132-hdfs-NAMENODE namenode
java.io.IOException: Primary principals don't match.
at sun.security.krb5.internal.ccache.FileCredentialsCache.load(FileCredentialsCache.java:218)
at sun.security.krb5.internal.ccache.FileCredentialsCache.acquireInstance(FileCredentialsCache.java:104)
at sun.security.krb5.internal.ccache.CredentialsCache.getInstance(CredentialsCache.java:75)
at sun.security.krb5.Credentials.acquireTGTFromCache(Credentials.java:304)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:589)
I'm certain that this is benign, and you can make the message go away by disabling Kerberos debug logging now that everything is working.
REPRODUCIBILITY :
This bug can be reproduced occasionally.
A DESCRIPTION OF THE PROBLEM :
There is no configuration issue, the principals match and kerberos functions, but when enabling debugging, the following occurs:
I am able to reproduce this in a working cluster by enabling Kerberos debug (HADOOP_OPTS= " -Dsun.security.krb5.debug=true " ):
+ exec /usr/lib/hadoop-hdfs/bin/hdfs --config /var/run/cloudera-scm-agent/process/132-hdfs-NAMENODE namenode
java.io.IOException: Primary principals don't match.
at sun.security.krb5.internal.ccache.FileCredentialsCache.load(FileCredentialsCache.java:218)
at sun.security.krb5.internal.ccache.FileCredentialsCache.acquireInstance(FileCredentialsCache.java:104)
at sun.security.krb5.internal.ccache.CredentialsCache.getInstance(CredentialsCache.java:75)
at sun.security.krb5.Credentials.acquireTGTFromCache(Credentials.java:304)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:589)
I'm certain that this is benign, and you can make the message go away by disabling Kerberos debug logging now that everything is working.
REPRODUCIBILITY :
This bug can be reproduced occasionally.