Unable to authenticate with kerberos for sentry

Description

I am trying to use sentry for cdh 5.12, kylo 0.8.3. I have kerberos enabled in the environment(tested, Ingestion feed is working). For sentry configuration, i have followed your documentation and here is my authorization.sentry.properties file:
beeline.connection.url=jdbc:hive2://localhost:10000/default;principal=hive/containerhadoop.container.com@CLOUDERA
beeline.drive.name=org.apache.hive.jdbc.HiveDriver
beeline.userName=nifi
beeline.password=
hdfs.hadoop.configuration=/etc/hadoop/conf/hdfs-site.xml,/etc/hadoop/conf/core-site.xml
authorization.sentry.groups=sentryAdmin,sentryUser
sentry.kerberos.principal=nifi
sentry.kerberos.KeytabLocation=/etc/nifi.headless.keytab
sentry.IsKerberosEnabled=true
authorization.sentry.type=static
authorization.sentry.groups=sentryAdmin,sentryUser
authorization.sentry.unix.group.filePath=/etc/group
authorization.sentry.ldap.url=ldap://192.168.56.105:389
authorization.sentry.ldap.authDn=cn=shashi,dc=teradata,dc=com
authorization.sentry.ldap.password=thinkbig123
authorization.sentry.ldap.authenticator.groupDnPatterns=dc=teradata,dc=com

Here is the stacktrace of error:
ERROR shared-1:SentryAuthorizationService:535 - Unable to authenticate with Kerberos while creating Sentry Policy Login failure for nifi from keytab /etc/nifi.headless.keytab
2017-12-18 12:13:21 ERROR shared-1:SentryAuthorizationService:187 - Error Creating Sentry HDFS Policy using Kerberos Authenticationjava.io.IOException: Login failure for nifi from keytab /etc/nifi.headless.keytab
2017-12-18 12:13:21 ERROR shared-1:BaseHadoopAuthorizationService:103 - Error creating Kylo Authorization policy after metadata property change event
java.lang.RuntimeException: java.lang.RuntimeException: java.io.IOException: Login failure for nifi from keytab /etc/nifi.headless.keytab
at com.thinkbiganalytics.datalake.authorization.SentryAuthorizationService.createOrUpdateReadOnlyHdfsPolicy(SentryAuthorizationService.java:188)
at com.thinkbiganalytics.datalake.authorization.service.BaseHadoopAuthorizationService$FeedPropertyChangeDispatcher.notify(BaseHadoopAuthorizationService.java:86)
at com.thinkbiganalytics.datalake.authorization.service.BaseHadoopAuthorizationService$FeedPropertyChangeDispatcher.notify(BaseHadoopAuthorizationService.java:72)
at com.thinkbiganalytics.metadata.event.reactor.ReactorMetadataEventService$ListenerConsumer.accept(ReactorMetadataEventService.java:136)
at com.thinkbiganalytics.metadata.event.reactor.ReactorMetadataEventService$ListenerConsumer.accept(ReactorMetadataEventService.java:125)
at reactor.bus.EventBus$3.accept(EventBus.java:317)
at reactor.bus.EventBus$3.accept(EventBus.java:310)
at reactor.bus.routing.ConsumerFilteringRouter.route(ConsumerFilteringRouter.java:72)
at reactor.bus.EventBus.accept(EventBus.java:591)
at reactor.bus.EventBus.accept(EventBus.java:63)
at reactor.core.dispatch.AbstractLifecycleDispatcher.route(AbstractLifecycleDispatcher.java:160)
at reactor.core.dispatch.SingleThreadDispatcher$SingleThreadTask.run(SingleThreadDispatcher.java:79)
at reactor.core.dispatch.RingBufferDispatcher$3.onEvent(RingBufferDispatcher.java:156)
at reactor.core.dispatch.RingBufferDispatcher$3.onEvent(RingBufferDispatcher.java:153)
at reactor.jarjar.com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:128)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: java.io.IOException: Login failure for nifi from keytab /etc/nifi.headless.keytab
at com.thinkbiganalytics.datalake.authorization.SentryAuthorizationService.authenticatePolicyCreatorWithKerberos(SentryAuthorizationService.java:536)
at com.thinkbiganalytics.datalake.authorization.SentryAuthorizationService.createOrUpdateReadOnlyHdfsPolicy(SentryAuthorizationService.java:174)
... 17 more
Caused by: java.io.IOException: Login failure for nifi from keytab /etc/nifi.headless.keytab
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1145)
at com.thinkbiganalytics.kerberos.KerberosTicketGenerator.generateKerberosTicket(KerberosTicketGenerator.java:52)
at com.thinkbiganalytics.datalake.authorization.SentryAuthorizationService.authenticatePolicyCreatorWithKerberos(SentryAuthorizationService.java:531)
... 18 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

Environment

None

Status

Assignee

Unassigned

Reporter

Ankita Makwana

Labels

None

Reviewer

None

Story point estimate

None

Components

Priority

High
Configure