Unable to obtain password from user的一种可能

异常

2020-03-24T11:20:32,863 ERROR [main]: metastore.HiveMetaStore (HiveMetaStore.java:main(9316)) - Metastore Thrift Server threw an exception...
org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: hive/worker.cluster@BIGDATA from keytab /etc/security/keytabs/hive.service.keytab javax.security.auth.login.LoginException: Unable to obtain password from user

	at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1847) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1215) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1008) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.hive.metastore.HiveMetaStore.startMetaStore(HiveMetaStore.java:9378) ~[hive-exec-3.1.0.3.0.1.0-187.jar:3.1.0.3.0.1.0-187]
	at org.apache.hadoop.hive.metastore.HiveMetaStore.main(HiveMetaStore.java:9311) [hive-exec-3.1.0.3.0.1.0-187.jar:3.1.0.3.0.1.0-187]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
	at org.apache.hadoop.util.RunJar.run(RunJar.java:318) [hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.util.RunJar.main(RunJar.java:232) [hadoop-common-3.1.1.3.0.1.0-187.jar:?]
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

	at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897) ~[?:1.8.0_121]
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760) ~[?:1.8.0_121]
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_121]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_121]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_121]
	at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:1926) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1837) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	... 10 more
2020-03-24T11:20:32,870 INFO  [shutdown-hook-0]: metastore.HiveMetaStore (HiveMetaStore.java:lambda$main$0(9281)) - Shutting down hive metastore.
2020-03-24T11:20:32,893 INFO  [shutdown-hook-0]: impl.MetricsSystemImpl (MetricsSystemImpl.java:stop(210)) - Stopping hivemetastore metrics system...
2020-03-24T11:20:32,895 INFO  [timeline]: impl.MetricsSinkAdapter (MetricsSinkAdapter.java:publishMetricsFromQueue(141)) - timeline thread interrupted.
2020-03-24T11:20:32,897 INFO  [shutdown-hook-0]: impl.MetricsSystemImpl (MetricsSystemImpl.java:stop(216)) - hivemetastore metrics system stopped.
2020-03-24T11:20:32,897 INFO  [shutdown-hook-0]: impl.MetricsSystemImpl (MetricsSystemImpl.java:shutdown(607)) - hivemetastore metrics system shutdown complete.
2020-03-24T11:20:32,914 INFO  [shutdown-hook-0]: metastore.HiveMetaStore (HiveMetaStore.java:lambda$startupShutdownMessage$1(9719)) - SHUTDOWN_MSG:

异常前的操作

  • 环境:

Ambari平台开启了kerberos开安认证,hive组件的metastore服务启动报错

  • 做的操作

1、kadmin节点上手动生成了票据,并且手动导出了keytab文件

# 手动添加票据
kadmin.local:  addprinc -randkey hive/worker.cluster@BIGDATA
WARNING: no policy specified for hive/worker.cluster@BIGDATA; defaulting to no policy
Principal "hive/worker.cluster@BIGDATA" created.
# 手动生成keytab文件
kadmin.local:  xst -k /opt/hive.service.keytab hive/worker.cluster@BIGDATA
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type des-hmac-sha1 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type des-cbc-md5 added to keytab WRFILE:/opt/hive.service.keytab.

2、将生成的keytab文件scp到metastore服务所在节点的keytab路径下

[root@manager opt]# scp hive.service.keytab worker.cluster:/etc/security/keytabs/

服务所在节点的keytab文件列表

-r--r----- 1 hbase      hadoop 328 Mar 24 10:42 hbase.headless.keytab
-r-------- 1 hbase      hadoop 353 Mar 24 10:42 hbase.service.keytab
-r-------- 1 hdfs       hadoop 323 Mar 24 10:42 hdfs.headless.keytab
-r--r----- 1 yarn       hadoop 348 Mar 24 10:42 hive.llap.task.keytab
-rw------- 1 root       hadoop 586 Mar 24 11:19 hive.service.keytab
-r-------- 1 kafka      hadoop 353 Mar 24 10:42 kafka.service.keytab

3、重启metastore服务,出现错误

原因及解决办法

错误提示是认证时不能获取密码。
原因是手动生成的keytab文件其owner是root,应该改成对应组件的系统用户

[root@worker keytabs]# chown hive:hadoop hive.service.keytab
......
-rw------- 1 hive       hadoop 586 Mar 24 11:19 hive.service.keytab

再次重启服务,就正常了。

  • 2
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 5
    评论
javax.security.auth.login.loginexception: unable to obtain password from user 是 Java 身份验证系统中的一种异常情况。该异常通常出现在程序试图使用某个用户账户进行验证时,但是无法从用户获取到该账户的密码。这种情况通常表示用户输入的密码错误或者密码无法被系统获取到。 密码是用户账户的敏感信息,确保密码安全非常重要。如果程序无法获取到密码或者获取到了错误的密码,就无法对用户身份进行验证,这样就会出现安全漏洞。为了确保密码安全,Java 提供了一种加密方式,在程序中对密码进行加密,并将加密后的密码存储在数据库中。这样即使被黑客攻击,也无法获取到用户的真实密码,从而提高了系统的安全性。 当出现 javax.security.auth.login.loginexception: unable to obtain password from user 这种异常情况时,我们需要检查程序是否正确地实现了密码加密功能,同时检查用户是否输入了正确的密码。如果用户账户密码不被加密存储,那么就需要尽快处理该漏洞,将用户密码加密存储以提高系统安全性。此外,我们还可以尝试使用更安全的验证方式,例如双因素验证,以进一步提高系统的安全性。 总之,javax.security.auth.login.loginexception: unable to obtain password from user 异常提示我们密码加密与验证机制的重要性,我们需要在系统开发和使用过程中注意密码安全问题,确保系统的安全性和可靠性。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 5
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值