Kerberos error java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed

If you are running Arcadia Enterprise 4.5.0.0 on Cloudera with Kerberos you may find that the Arcadia services will not start and an error will be present in the log files.

Error message seen in the arcengined, catalogd, and/or statestored log files:

Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)

This is a known bug being addressed in the next version of Arcadia Enterprise. Use the following workaround to fix this issue.

Add the following line to the Arcadia configuration settings within Cloudera Manager:

--use_kudu_kinit=false

Add this line to the following configuration areas in Cloudera Manager:

Arcadia Analytics Engine Advanced Configuration Snippet (Safety Valve) for flagfile
Arcadia Catalog Cache Advanced Configuration Snippet (Safety Valve) for flagfile
Arcadia State Server Advanced Configuration Snippet (Safety Valve) for flagfile

You will then need to restart the Arcadia Enterprise Service.

1 Like

This will impact the arcadia analytics engine components (arceninged, statstored, catalogd). The visualization server will come up fine.

The Engine would fail to come up and complain about privileges issues on the /tmp/krb5cc_impala_internal.

In particular, the error would

Unable to send heartbeat message to subscriber xxxx received error: Couldn’t open transport for xxxx (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: /tmp/krb5cc_impala_internal)))

1 Like