Copy:
kerberos@mit.edu
thanks Greg, In our case it is a single process as we are just testing connection. No concurrency there. Very simple setup, PowerBI Report server connects to Hive(Cloudera) with Cloudera's native odbc driver. For some
types of reports it works and we authenticate without problems but the most important report(which is kind of legacy type) throws that GSS error.
Any advice with another message:
ccselect can't find appropriate cache for server principal hive/bda1node01.bog.ge at BDA1.BOG.GE <
https://mailman.mit.edu/mailman/listinfo/kerberos>
log says client getting and creating authenticator, though klist shows
server credential is in client's cache
[10708] 1641384364.890004: ccselect can't find appropriate cache for
server principal hive/
bda1node01.bog.ge@BDA1.BOG.GE
[10708] 1641384364.906000: Getting credentials
vkvantaliani@BOG.GE -> hive/
bda1node01.bog.ge@BDA1.BOG.GE using ccache API:krb5cc
[10708] 1641384364.906001: Retrieving
vkvantaliani@BOG.GE -> hive/
bda1node01.bog.ge@BDA1.BOG.GE from API:krb5cc with result:
0/Success
[10708] 1641384364.906003: Creating authenticator for
vkvantaliani@BOG.GE -> hive/
bda1node01.bog.ge@BDA1.BOG.GE, seqnum
229919889, subkey
And in this case client authenticates and connection is good.
Could it be somehow related with kerberos pre authentication at AD?
Another questions is if there is any sense of playing with different
type of caches, like DIR, MEMORY etc.
Thank you,
On Thu, Jan 6, 2022 at 8:34 PM Greg Hudson <
ghudson@mit.edu> wrote:
On 1/5/22 7:52 AM, Vato Kvantaliani wrote:
Error: Unspecified GSS failure. Minor code may provide more information (Internal credentials cache error)
This error message came up in April:
https://mailman.mit.edu/pipermail/kerberos/2021-April/022630.html
It's hard to be sure that the cause is the same without knowing more
about the setup. In that case the cause was multiple threads or
processes trying to refresh the ccache from a client keytab at the same
time.
To address this issue, I implemented atomic replacement for most
credential cache types:
https://github.com/krb5/krb5/commit/371f09d4bf4ca0c7ba15c5ef909bc35307ed9cc3
However, it will be some time before this works its way into a Kerberos
for Windows release. I'm not sure I can offer concrete advice since I
am not familiar with PowerBI.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)