<div dir="ltr">w.r.t. Server <span style="font-size:12.8px">not found in Kerberos database error, I generated another keytab with indicated principal and got past the error.</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">FYI</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 14, 2017 at 6:49 PM, Ted Yu <span dir="ltr"><<a href="mailto:yuzhihong@gmail.com" target="_blank">yuzhihong@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Got over previous error (for now).<div><br></div><div>However, this time I got:</div><div><br><div>Mar 14 10:00:46 5f4a350528ca client-test: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server hbase/<a href="mailto:5f4a350528ca@EXAMPLE.COM" target="_blank">5f4a350528ca@EXAMPLE.COM</a> not found in Kerberos database)<br></div></div><div><br></div><div>5f4a350528ca is the docker VM.<br></div><div><br></div><div><div># klist</div><div>Ticket cache: FILE:/tmp/krb5cc_0</div><div>Default principal: hbase/<a href="mailto:localhost@EXAMPLE.COM" target="_blank">localhost@EXAMPLE.COM</a></div><div><br></div><div>Valid starting Expires Service principal</div><div>03/14/17 04:02:50 03/14/17 14:02:50 krbtgt/<a href="mailto:EXAMPLE.COM@EXAMPLE.COM" target="_blank">EXAMPLE.COM@EXAMPLE.<wbr>COM</a></div><div><span class="m_-6482861698942370517gmail-Apple-tab-span" style="white-space:pre-wrap"> </span>renew until 03/21/17 04:02:50</div></div><div><br></div><div>How do I get over the above error ?</div><div><br></div><div>Thanks</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 14, 2017 at 4:09 PM, Ted Yu <span dir="ltr"><<a href="mailto:yuzhihong@gmail.com" target="_blank">yuzhihong@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div>I use the following code for calling <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1" style="font-family:monaco;font-size:11px">sasl_client_init</span><span style="font-family:monaco;font-size:11px">():</span></div>
<div>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">id</span> = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">SASL_CB_GETPATH</span>;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">proc</span> = (<span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">sasl_callback_ft</span>) &GetPluginPath;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">context</span> = (<span class="m_-6482861698942370517m_-2350311751953578776gmail-s2">void</span> *)(sasl_plugin_dir_path.<span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">c_str</span>(<wbr>));</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> ++callback;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p2"><br></p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3"> </span>/* user */</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">id</span> = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">SASL_CB_USER</span>;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">proc</span> = (<span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">sasl_callback_ft</span>) &Simple;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">context</span> = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s2">const_cast</span><<span class="m_-6482861698942370517m_-2350311751953578776gmail-s2">char</span> *>(<span class="m_-6482861698942370517m_-2350311751953578776gmail-s4">user_name_</span>.<span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">c_str</span>());</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> ++callback;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p2"><br></p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3"> </span>/* termination */</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">id</span> = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">SASL_CB_LIST_END</span>;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">proc</span> = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">NULL</span>;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> callback-><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">context</span> = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">NULL</span>;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> ++callback;</p>
<p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> rc = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">sasl_client_init</span>(callbacks);</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"><br></p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">
</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"><span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">sasl_client_init</span>() returned 0.</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">But the following:</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">const</span> <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">char</span> *mechusing, *mechlist = <span class="m_-6482861698942370517m_-2350311751953578776gmail-s2">"GSSAPI"</span>;</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p2"><br></p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> <span class="m_-6482861698942370517m_-2350311751953578776gmail-s1">do</span> {</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3"> </span><span class="m_-6482861698942370517m_-2350311751953578776gmail-s4">currentReturnCode</span><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3"> = </span><span class="m_-6482861698942370517m_-2350311751953578776gmail-s5">sasl_client_start</span><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3">(</span><span class="m_-6482861698942370517m_-2350311751953578776gmail-s4">sconn_</span><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3">, </span>/* the same context from above */<br></p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3"> mechlist, </span>/* the list of mechanisms</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"> from the server */</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> <span class="m_-6482861698942370517m_-2350311751953578776gmail-s6">NULL</span>, <span class="m_-6482861698942370517m_-2350311751953578776gmail-s7">/* filled in if an</span></p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"> interaction is needed */</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3"> &out, </span>/* filled in on success */</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p3"><span class="m_-6482861698942370517m_-2350311751953578776gmail-s3"> &outlen, </span>/* filled in on success */</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">
</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> &mechusing);</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">gave me -4.</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">I saw this auth log:</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"> Mar 14 09:01:33 5f4a350528ca client-test: No worthy mechs found<br></p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">Under CYRUS_SASL_PLUGINS_DIR :</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"># ls /usr/lib/sasl2</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"><a href="http://libanonymous.la" target="_blank">libanonymous.la</a> <a href="http://libcrammd5.la" target="_blank">libcrammd5.la</a> <a href="http://libdigestmd5.la" target="_blank">libdigestmd5.la</a> <a href="http://libgs2.la" target="_blank">libgs2.la</a> <a href="http://libgssapiv2.la" target="_blank">libgssapiv2.la</a> <a href="http://libotp.la" target="_blank">libotp.la</a> <a href="http://libplain.la" target="_blank">libplain.la</a> <a href="http://libscram.la" target="_blank">libscram.la</a></p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">libanonymous.so libcrammd5.so libdigestmd5.so libgs2.so libgssapiv2.so libotp.so libplain.so libscram.so</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">libanonymous.so.3 libcrammd5.so.3 libdigestmd5.so.3 libgs2.so.3 libgssapiv2.so.3 libotp.so.3 libplain.so.3 libscram.so.3</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">libanonymous.so.3.0.0 libcrammd5.so.3.0.0 libdigestmd5.so.3.0.0 libgs2.so.3.0.0 libgssapiv2.so.3.0.0 libotp.so.3.0.0 libplain.so.3.0.0 libscram.so.3.0.0</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1"><br></p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">Is there any lib which was missing ?</p><p class="m_-6482861698942370517m_-2350311751953578776gmail-p1">Thanks</p></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>