Problem
After enabling Native Multi User Impersonation, sometimes requests are failing stating that there are no valid credentials:
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
This error is often the result of an improper Kerberos configuration, however in this case while inspecting the headers, it was seen that the Kerberos ticket in the header was truncated, causing it to be invalid.
Solution
Increase the maximum allowed size of the request header in Jetty. This can be done by modifying the jetty.xml
configuration file located at <Datameer home>/etc
and changing the startup default value:
Default:
<Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
Increased:
<Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="16384" /></Set>
Comments
0 comments
Please sign in to leave a comment.