APAR status
Closed as program error.
Error description
The Service Principal entry in the Create Hive table option is not being honoured in the File Connector, because of which, the File Connector jobs using Cross realm authentication are failing with the following exception when the Create Hive table option is used. Item #: 13 Event ID: 103 Timestamp: 2017-01-24 13:00:04 Type: Fatal User Name: a401885 Message Id: IIS-CONN-NGBR-00002 Message: Create_Hive: java.security.PrivilegedActionException: java.sql.SQLException: [IBM][Hive JDBC Driver]A username was not specified and the driver could not establish a connection using Kerberos (type 4) integrated security: org.ietf.jgss.GSSException, major code: 11, minor code: 0 major string: General failure, unspecified at GSSAPI level minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.internal.KrbException, status code: 41 message: Message stream modified at java.security.AccessController.doPrivileged(AccessController.jav a:494) at javax.security.auth.Subject.doAs(Subject.java:572) at com.ibm.iis.cc.filesystem.hive.HiveTools.connect(HiveTools.java: 558) at com.ibm.iis.cc.filesystem.hive.HiveTools._performAction(HiveTool s.java:291) at com.ibm.iis.cc.filesystem.hive.HiveTools.performAction(HiveTools .java:173) at com.ibm.iis.cc.filesystem.FileSystem.createHiveTable(FileSystem. java:1764) at com.ibm.iis.cc.filesystem.FileSystem.initialize(FileSystem.java: 575) at com.ibm.is.cc.javastage.connector.CC_JavaAdapter.initializeProce ssor(CC_JavaAdapter.java:1030) Note : 1. Issue would be seen only in the Kerberos environment using Cross realm authentication. 2. Only when the Create Hive Table option is used in the File Connector.
Local fix
Problem summary
The Service Principal entry in the Create Hive table option in File Connector is not honoured when cross-realm authentication is used in the cluster. Hence the jobs using the File Connector are failing with the exception shown below when create hive table option is used. Item #: 13 Event ID: 103 Timestamp: 2017-01-24 13:00:04 Type: Fatal User Name: a401885 Message Id: IIS-CONN-NGBR-00002 Message: Create_Hive: java.security.PrivilegedActionException: java.sql.SQLException: [IBM][Hive JDBC Driver]A username was not specified and the driver could not establish a connection using Kerberos (type 4) integrated security: org.ietf.jgss.GSSException, major code: 11, minor code: 0 major string: General failure, unspecified at GSSAPI level minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.internal.KrbException, status code: 41 message: Message stream modified at java.security.AccessController.doPrivileged(AccessController.jav a:494) at javax.security.auth.Subject.doAs(Subject.java:572) at com.ibm.iis.cc.filesystem.hive.HiveTools.connect(HiveTools.java: 558) at com.ibm.iis.cc.filesystem.hive.HiveTools._performAction(HiveTool s.java:291) at com.ibm.iis.cc.filesystem.hive.HiveTools.performAction(HiveTools .java:173) at com.ibm.iis.cc.filesystem.FileSystem.createHiveTable(FileSystem. java:1764) at com.ibm.iis.cc.filesystem.FileSystem.initialize(FileSystem.java: 575) at com.ibm.is.cc.javastage.connector.CC_JavaAdapter.initializeProce ssor(CC_JavaAdapter.java:1030) Note : 1. Issue would be seen only in the Kerberos environment using Cross realm authentication. 2. Only when the Create Hive Table option is used in the File Connector
Problem conclusion
Problem has been addressed by correctly picking the hive service principal when the cross realm authentication is enabled.
Temporary fix
Comments
APAR Information
APAR number
JR57379
Reported component name
WIS DATASTAGE
Reported component ID
5724Q36DS
Reported release
B50
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-02-06
Closed date
2017-05-05
Last modified date
2017-05-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WIS DATASTAGE
Fixed component ID
5724Q36DS
Applicable component levels
RB50 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVSEF","label":"IBM InfoSphere DataStage"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
05 May 2017