解决集群报failure to login: for principal 。。。。Unable to obtain password from user错误

一、问题复现

在做集群项目运行时，报了如下错误：

org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: dal_pro/nm-bigdata.local from keytab /etc/security/keytabs/dal_pro.keytab javax.security.auth.login.LoginException: Unable to obtain password from user
	at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1847)
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1215)
	at cn.ctyun.bigdata.estate.NewMall(MallApp.java:57)
	at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76)
	at cn.ctyun.bigdata.estate.NewMall.MallApp.main(MallApp.java:179)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.hadoop.util.RunJar.run(RunJar.java:323)
	at org.apache.hadoop.util.RunJar.main(RunJar.java:236)

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
	at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
	at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:1926)
	at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1837)

二、分析原因及解决办法：

1、票据过时，需要重新刷新票据

kinit  -k -t /etc/security/keytabs/dal_pro.keytab

2、认证文件的keytab的principal有变动

klist -kt /etc/security/keytabs/dal_pro.keytab

将主机列出的principal更新到配置文件中。

3、执行权限属组是不是有变动，或者看执行的keytab文件权限是不是不匹配。