Submitting A Command Line Oozie Job With Kerberos Fails With SPENGO Error
(Doc ID 1932192.1)
Last updated on NOVEMBER 08, 2022
Applies to:
Big Data Appliance Integrated Software - Version 3.0.1 and laterLinux x86-64
Symptoms
Submitting an oozie job in the kerberos enabled environment fails with following SPENGO Errors.
$ klist
Ticket cache: FILE:/tmp/krb5cc_<#>_<#>
Default principal: <user>@EXAMPLE.COM
Valid starting Expires Service principal
09/18/14 14:45:23 09/19/14 00:45:23 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 09/25/14 14:45:23
$ oozie job -oozie http://node04:11000/oozie -config job.properties -run
Error: AUTHENTICATION : Could not authenticate, org.apache.hadoop.security.authentication.client.AuthenticationException: Invalid SPNEGO sequence, 'WWW-Authenticate' header incorrect: null
Destroying the user authentication and reinitiating it still fails with same error:
$ kdestroy
$ kinit <user>
Password for <user>@EXAMPLE.COM:
$ oozie job -oozie http://node04:11000/oozie -config job.properties -run
Error: AUTHENTICATION : Could not authenticate, org.apache.hadoop.security.authentication.client.AuthenticationException: Invalid SPNEGO sequence, 'WWW-Authenticate' header incorrect: null
Oozie log shows the following error:
org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |