A Big Data batch Job fails with the error, "javax.security.auth.login.LoginException: Unable to obtain password from user"

Symptoms

You create a Big Data batch Job from Studio. The Hadoop environment is using Kerberos authentication. You specify a keytab and service principal name in the Run properties by selecting the Use a keytab to authenticate authentication option. The Job fails with the following error:

 

java.io.IOException: Login failure for USER@MYDOMAIN.COM from keytab C:/Users/USER/Documents/USER.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
  at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
  at local.test_port_0_1.test_port.getConf(test_port.java:1408)
  at local.test_port_0_1.test_port.runJobInTOS(test_port.java:1183)
  at local.test_port_0_1.test_port.main(test_port.java:1075)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
  at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856)
  at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719)
  at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:606)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
  at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
  ... 3 more

 

Diagnosis

When you use the kinit command using the keytab file and service principal name (SPN), the ticket is generated successfully. The kinit is executed external to the Talend Studio machine on an edge node.

 

The issue is specific to the Studio machine, so verify the kinit execution on the Studio machine. The kinit fails with the same error. Upon further research, you see the path given for keytab has a typo.

 

Solution

To fix the issue, provide the correct path for the keytab file in the runtime properties for the Big Data Job. Additionally, ensure that the right permissions are available on the keytab file.

Version history
Revision #:
4 of 4
Last update:
‎11-21-2017 02:19 PM
Updated by:
 
Labels (2)
Contributors