Closed sangetang closed 9 months ago
Sorry I missed this issue. This library is a wrapper for the gssapi C library and any validation of the ticket or server lookup is done at that lower level which we don't really have control over. The error indicates the server that was used with the SPN was krbtgt/EC2.INTERNAL@US.COTTICOFFEE.GLOBAL
whereas your klist
entry has it as US.COTTICOFFEE.GLOBAL@US.COTTICOFFEE.GLOBAL
. We don't do any DNS lookups here, anything provided to this library is what is provided to the C gssapi library.
You'll have to investigate what is calling spnego
here and the values it provides. You might even have some config values in the GSSAPI library being used, for example MIT krb5 has krb5.config.
邮件已收到,谢谢!祝你生活愉快!
What went wrong?
Traceback (most recent call last): File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/requestskerberos/kerberos.py", line 227, in generate_request_header gss_response = ctx.step(in_token=negotiate_resp_value) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/spnego/context.py", line 71, in wrapper raise SpnegoError(base_error=native_err, context_msg=context) from native_err spnego.exceptions.SpnegoError: SpnegoError (4294967295): Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638919): Server krbtgt/EC2.INTERNAL@US.COTTICOFFEE.GLOBAL not found in Kerberos database, Context: Processing security token 2023-12-11 06:34:44,812:ERROR:requests_kerberos.kerberos:SpnegoError (4294967295): Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638919): Server krbtgt/EC2.INTERNAL@US.COTTICOFFEE.GLOBAL not found in Kerberos database, Context: Processing security token Traceback (most recent call last): File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/spnego/_context.py", line 68, in wrapper return func(*args, kwargs) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/spnego/_gss.py", line 431, in step out_token = self._context.step(in_token) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/decorator.py", line 232, in fun return caller(func, *(extras + args), *kw) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/gssapi/_utils.py", line 165, in check_last_err return func(self, args, kwargs) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/decorator.py", line 232, in fun return caller(func, *(extras + args), *kw) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/gssapi/_utils.py", line 131, in catch_and_return_token return func(self, args, **kwargs) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/gssapi/sec_contexts.py", line 584, in step return self._initiator_step(token=token) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/gssapi/sec_contexts.py", line 606, in _initiator_step res = rsec_contexts.init_sec_context(self._target_name, self._creds, File "gssapi/raw/sec_contexts.pyx", line 188, in gssapi.raw.sec_contexts.init_sec_context gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638919): Server krbtgt/EC2.INTERNAL@US.COTTICOFFEE.GLOBAL not found in Kerberos database
The above exception was the direct cause of the following exception:
Traceback (most recent call last): File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/requestskerberos/kerberos.py", line 227, in generate_request_header gss_response = ctx.step(in_token=negotiate_resp_value) File "/home/miniconda3/envs/superset/lib/python3.9/site-packages/spnego/_context.py", line 71, in wrapper raise SpnegoError(base_error=native_err, context_msg=context) from native_err spnego.exceptions.SpnegoError: SpnegoError (4294967295): Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638919): Server krbtgt/EC2.INTERNAL@US.COTTICOFFEE.GLOBAL not found in Kerberos database, Context: Processing security token
How do we reproduce?
AWS EC2 superset add trino database (Remember to use fenced code blocks and consider placing in a gist if large)
Component versions (python-gssapi, Kerberos, OS / distro, etc.)
(Please include MIT/Heimdal/etc. and how you installed python-gssapi)