[Bug] "GSS initiate failed" error occurs when connect to kerberized Kyuubi with Kyuubi beeline

[zhouyifan279]

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

Search before asking

• [X] I have searched in the issues and found no similar issues.

Describe the bug

Failed to connect to kerberized Kyuubi with Kyuubi beeline.

$ ./bin/beeline -u "jdbc:hive2://10.242.30.92:10009/;principal=hive/client.hadoop.com@HADOOP.COM"
log4j:WARN No appenders could be found for logger (org.apache.hadoop.util.Shell).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Connecting to jdbc:hive2://10.242.30.92:10009/;principal=hive/client.hadoop.com@HADOOP.COM
Error: Could not open client transport with JDBC Uri: jdbc:hive2://10.242.30.92:10009/;principal=hive/client.hadoop.com@HADOOP.COM: GSS initiate failed (state=08S01,code=0)
Beeline version 1.4.0-incubating by Apache Kyuubi (Incubating)

Affects Version(s)

1.4.0

Kyuubi Server Log Output

21/12/15 19:12:22 ERROR server.TThreadPoolServer: Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
    at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
    at org.apache.kyuubi.service.authentication.HadoopThriftAuthBridgeServer$TUGIAssumingTransportFactory$$anon$4.run(HadoopThriftAuthBridgeServer.scala:117)
    at org.apache.kyuubi.service.authentication.HadoopThriftAuthBridgeServer$TUGIAssumingTransportFactory$$anon$4.run(HadoopThriftAuthBridgeServer.scala:116)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:360)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1855)
    at org.apache.kyuubi.service.authentication.HadoopThriftAuthBridgeServer$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridgeServer.scala:116)
    at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated failure: GSS initiate failed
    at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
    at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
    at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
    at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
    ... 10 more

Kyuubi Engine Log Output

No response

Kyuubi Server Configurations

kyuubi.authentication KERBEROS
kyuubi.kinit.principal hive/client.hadoop.com@HADOOP.COM
kyuubi.kinit.keytab /etc/security/keytabs/hive.keytab

Kyuubi Engine Configurations

No response

Additional context

No response

Are you willing to submit PR?

• [X] Yes I am willing to submit a PR!

[YetiCuzMountain]

I confronted with the same issue. Is there any solution?

[pan3793]

@YetiCuzMountain Which version of Kyuubi are you using? This issue has been fixed in v1.4.1-incubating.

[YetiCuzMountain]

@YetiCuzMountain Which version of Kyuubi are you using? This issue has been fixed in v1.4.1-incubating.

kyuubi-1.4.1. the latest one .

single kyuubi node

when config keytab and principle in kyuubi-defaults,and use kyuubi beeline to connect. it happened。

[pan3793]

Have you set HADOOP_CONF_DIR in conf/kyuubi-env.sh?

[YetiCuzMountain]

yes i have.

well， i changed my command into "bin/beeline -u 'jdbc:hive2://hostname:10009/;principal=xxxx' and added spark.yarn.queue=xxxx into kyuubi-defaults.conf，

it works.