adaltas / node-hbase

Asynchronous HBase client for NodeJs using REST

Home Page: https://hbase.js.org


Error 403 when trying to connect to HBase (using Kerberos)

feenst opened this issue · comments

Here is the full text of the error:

Error 403 org.apache.hadoop.security.authentication.client.AuthenticationException: java.lang.NullPointerException

Here's how I'm setting up the connection and trying to read the data:

const hbase = require('hbase');

const client = hbase({
  host: 'my.server.net',
  port: 8080,
  krb5: {
    principal: 'my-principal',
    keytab: '/path/to/keytab',
    service_principal: 'my-service-principal',
  }
});

client.tables((err, data) => {
  if (err) {
    console.log('Error');
    console.log(err);
  } else {
    console.log('The data is');
    console.log(data);
  }
})

Running Debian 8.6 in a Docker container. Kerberos ticket was set up via krb5 package. I can view the ticket from the command line by running klist.

Output from curl --negotiate -u : 'http://my.server.net:8080/version' is:

rest 0.0.3 
[JVM: Oracle Corporation 1.8.0_111-25.111-b15]
[OS: Linux 3.10.0-514.26.2.el7.x86_64 amd64] 
[Server: jetty/6.1.26.hwx] 
[Jersey: 1.9]

Output from curl --negotiate -u : 'http://my.server.net:8080/version/cluster' is:

1.1.2.2.6.0.3-8

Stepping through the code, I can see the request has an Authorization header with a value of Negotiate plus a token.

Don't know, seems like you're sending the HTTP header and there is no reason for the header to be wrong.

I've got it working now. Resolved by removing the service_principal property from the krb5 object used when initializing the connection.

So instead of this:

  krb5: {
    principal: 'my-principal',
    keytab: '/path/to/keytab',
    service_principal: 'my-service-principal',
  }

I have this:

  krb5: {
    principal: 'my-principal',
    keytab: '/path/to/keytab',
  }

Sorry, I didn't catch this; service_principal should work if you put "HTTP/{your_target_fqdn}@{YOUR_REALM}".
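Added example, not part of the thread or of node-hbase: a preflight check that flags a `service_principal` value that does not follow the `HTTP/{fqdn}@{REALM}` form given in the last comment, run against the configurations discussed above. The helper name `checkServicePrincipal` and the realm `EXAMPLE.NET` are assumptions; `host` and `krb5.service_principal` are the option names used in the issue.

```javascript
// Hypothetical helper (not a node-hbase API): returns a list of problems
// found in options.krb5.service_principal, or [] if none are found.
function checkServicePrincipal(options) {
  const problems = [];
  const spn = options.krb5 && options.krb5.service_principal;
  // Omitting the property is the configuration reported to work in the thread.
  if (spn === undefined) return problems;

  // Expected shape from the thread: HTTP/{your_target_fqdn}@{YOUR_REALM}
  const match = /^([^/@]+)\/([^/@]+)@([^/@]+)$/.exec(spn);
  if (!match) {
    problems.push(`"${spn}" is not of the form HTTP/{fqdn}@{REALM}`);
    return problems;
  }
  const [, service, host, realm] = match;
  if (service !== 'HTTP') {
    problems.push(`service component is "${service}", expected "HTTP"`);
  }
  if (!host.includes('.')) {
    problems.push(`host component "${host}" is not fully qualified`);
  }
  if (host.toLowerCase() !== String(options.host).toLowerCase()) {
    problems.push(`host "${host}" differs from connection host "${options.host}"`);
  }
  if (realm !== realm.toUpperCase()) {
    problems.push(`realm "${realm}" is not upper case (realms are case-sensitive)`);
  }
  return problems;
}

// Constructed sample configurations; EXAMPLE.NET is a placeholder realm.
const base = { host: 'my.server.net', port: 8080 };
const creds = { principal: 'my-principal', keytab: '/path/to/keytab' };
const samples = {
  asReported: { ...base, krb5: { ...creds, service_principal: 'my-service-principal' } },
  omitted: { ...base, krb5: { ...creds } },
  suggested: { ...base, krb5: { ...creds, service_principal: 'HTTP/my.server.net@EXAMPLE.NET' } },
  wrongService: { ...base, krb5: { ...creds, service_principal: 'hbase/my.server.net@EXAMPLE.NET' } },
  wrongHostAndRealm: { ...base, krb5: { ...creds, service_principal: 'HTTP/other.server.net@example.net' } },
};

for (const [name, opts] of Object.entries(samples)) {
  const problems = checkServicePrincipal(opts);
  console.log(name, problems.length ? problems : 'ok');
}
```

A host mismatch can be legitimate when the REST server sits behind an alias or load balancer, so treat that finding as a prompt to confirm which principal the server's keytab actually holds.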