After enabling Native Multi User Impersonation, sometimes requests are failing stating that there are no valid credentials:
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
This error is often the result of an improper Kerberos configuration, however in this case while inspecting the headers, it was seen that the Kerberos ticket in the header was truncated, causing it to be invalid.
Increase the maximum allowed size of the request header in Jetty. This can be done by modifying the
jetty.xml configuration file located at
<Datameer home>/etc and changing the startup default value:
<Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>
<Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="16384" /></Set>
Please sign in to leave a comment.