Solved

Enabling Kerberos: javax.security.auth.login.LoginException: Unable to obtain password from user

  • 12 October 2021
  • 1 reply
  • 6329 views

Userlevel 6
Badge +3
  • Senior Technical Evangelist and Developer Advocate at Snowflake
  • 67 replies

I'm trying to enable Kerberos for my SDC RPM installation, but when I start the SDC I get following exception:

java.lang.RuntimeException: Could not get Kerberos credentials: javax.security.auth.login.LoginEx Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498)

How do I move forward? 

icon

Best answer by Dash 12 October 2021, 01:07

View original

1 reply

Userlevel 6
Badge +3

The issue might be the headless keytab file. Try the following:

Create two principals on your Kerberos host:

  • Headless principle sdc@MYCOMPANY.REALM
  • Service principle sdc/HOSTNAME.FQDN@MYCOMPANY.REALM
  • Create keytab file just for the service principle and change its owner to sdc user with chown
  • Deploy keytab on SDC host under /etc/security/keytabs/
  • Stop SDC and configure the Kerberos properties in $SDC_CONF/sdc.properties as follows:
kerberos.client.enabled=true
kerberos.client.principal=sdc/HOSTNAME.FQDN@MYCOMPANY.REALM
kerberos.client.keytab=/etc/security/keytabs/myService.keytab
  • Start SDC 

Reply