2020-03-24T11:20:32,863 ERROR [main]: metastore.HiveMetaStore (HiveMetaStore.java:main(9316)) - Metastore Thrift Server threw an exception...
org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: hive/worker.cluster@BIGDATA from keytab /etc/security/keytabs/hive.service.keytab javax.security.auth.login.LoginException: Unable to obtain password from user
	at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1847) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1215) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1008) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.hive.metastore.HiveMetaStore.startMetaStore(HiveMetaStore.java:9378) ~[hive-exec-3.1.0.3.0.1.0-187.jar:3.1.0.3.0.1.0-187]
	at org.apache.hadoop.hive.metastore.HiveMetaStore.main(HiveMetaStore.java:9311) [hive-exec-3.1.0.3.0.1.0-187.jar:3.1.0.3.0.1.0-187]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
	at org.apache.hadoop.util.RunJar.run(RunJar.java:318) [hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.util.RunJar.main(RunJar.java:232) [hadoop-common-3.1.1.3.0.1.0-187.jar:?]
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
	at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897) ~[?:1.8.0_121]
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760) ~[?:1.8.0_121]
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_121]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_121]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_121]
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_121]
	at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:1926) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1837) ~[hadoop-common-3.1.1.3.0.1.0-187.jar:?]
	... 10 more
2020-03-24T11:20:32,870 INFO  [shutdown-hook-0]: metastore.HiveMetaStore (HiveMetaStore.java:lambda$main$0(9281)) - Shutting down hive metastore.
2020-03-24T11:20:32,893 INFO  [shutdown-hook-0]: impl.MetricsSystemImpl (MetricsSystemImpl.java:stop(210)) - Stopping hivemetastore metrics system...
2020-03-24T11:20:32,895 INFO  [timeline]: impl.MetricsSinkAdapter (MetricsSinkAdapter.java:publishMetricsFromQueue(141)) - timeline thread interrupted.
2020-03-24T11:20:32,897 INFO  [shutdown-hook-0]: impl.MetricsSystemImpl (MetricsSystemImpl.java:stop(216)) - hivemetastore metrics system stopped.
2020-03-24T11:20:32,897 INFO  [shutdown-hook-0]: impl.MetricsSystemImpl (MetricsSystemImpl.java:shutdown(607)) - hivemetastore metrics system shutdown complete.
2020-03-24T11:20:32,914 INFO  [shutdown-hook-0]: metastore.HiveMetaStore (HiveMetaStore.java:lambda$startupShutdownMessage$1(9719)) - SHUTDOWN_MSG:
异常前的操作
 
Ambari平台开启了kerberos开安认证，hive组件的metastore服务启动报错
 
1、kadmin节点上手动生成了票据，并且手动导出了keytab文件
 
# 手动添加票据
kadmin.local:  addprinc -randkey hive/worker.cluster@BIGDATA
WARNING: no policy specified for hive/worker.cluster@BIGDATA; defaulting to no policy
Principal "hive/worker.cluster@BIGDATA" created.
# 手动生成keytab文件
kadmin.local:  xst -k /opt/hive.service.keytab hive/worker.cluster@BIGDATA
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type des-hmac-sha1 added to keytab WRFILE:/opt/hive.service.keytab.
Entry for principal hive/worker.cluster@BIGDATA with kvno 2, encryption type des-cbc-md5 added to keytab WRFILE:/opt/hive.service.keytab.
2、将生成的keytab文件scp到metastore服务所在节点的keytab路径下
 
[root@manager opt]# scp hive.service.keytab worker.cluster:/etc/security/keytabs/
服务所在节点的keytab文件列表
 
-r--r----- 1 hbase      hadoop 328 Mar 24 10:42 hbase.headless.keytab
-r-------- 1 hbase      hadoop 353 Mar 24 10:42 hbase.service.keytab
-r-------- 1 hdfs       hadoop 323 Mar 24 10:42 hdfs.headless.keytab
-r--r----- 1 yarn       hadoop 348 Mar 24 10:42 hive.llap.task.keytab
-rw------- 1 root       hadoop 586 Mar 24 11:19 hive.service.keytab
-r-------- 1 kafka      hadoop 353 Mar 24 10:42 kafka.service.keytab
3、重启metastore服务，出现错误
 
原因及解决办法
 
错误提示是认证时不能获取密码。
 原因是手动生成的keytab文件其owner是root，应该改成对应组件的系统用户
 
[root@worker keytabs]# chown hive:hadoop hive.service.keytab
......
-rw------- 1 hive       hadoop 586 Mar 24 11:19 hive.service.keytab
再次重启服务，就正常了。
                    文章目录异常异常前的操作原因及解决办法异常2020-03-24T11:20:32,863 ERROR [main]: metastore.HiveMetaStore (HiveMetaStore.java:main(9316)) - Metastore Thrift Server threw an exception...org.apache.hadoop.security.Kerberos...
					
dolphinschedule的报错：javax.security.auth.login.LoginException: Unable to obtain password from user
#可以临时把读权限都放开，再重试一下，验证是否权限问题
chmod a+r /xxx/yyy/zzz.keytab
## 如果是这个问题，用chown和chmod命令，将文件权限设置好就行了
keytab自身有问题，也即可能是keytab里的信息失效了
#可以通过kinit验证是否该问题
kinit -kt /xxx/yyy/zzz.keytab aa/bb@cc
				
unnable obtain password from user
在大数据集群开启kerberos认证后，使用kerberos票据进行kinit认证通过。但是集群运行yarn任务时报错：
javax.security.auth.login.LoginException: Unable to obtain password from user
在kerberos认证的集群下，该问题会经常遇到。其实很简单，是因为使用生成kerberos票据时的linux用户与集群组件匹配不当造成的。比
				
1.No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null)) javax.security.auth.login.LoginException: Clock skew too great
很常见，时间同步问题，让调用方和hbase、kerberos服务器的时间一致就行，一般误差在1~2分钟还是能接受
2.Unable to obtainpassw..
				
A novel method for obtaining a single shot multi-point high dynamic range pulse contrast measurement is presented. We use Dammann gratings to generate multiple beamlets by division of amplitude on ultrashort laser pulses. The analysis results show that this method can achieve high dynamic range in pulse contrast measurement on a single shot by using photomultiplier tube (PMT) detectors and the long working distances to minimize cross talk between channels. Some distortion of pulse shape is also 
				
Traditional speckle fringe patterns of electronic speckle pattern interferometry (ESPI) are obtained by adding, subtracting, or multiplying the speckle patterns recorded before and after the deformation. However, these speckle fringe patterns are of limited visibility, especially for addition and multiplication fringe patterns. We propose a novel method to obtain speckle fringe patterns of ESPI from undeformed and deformed speckle patterns. The fringe pattern generated by our method is of high c
				
javax.security.auth.login.loginexception: unable to obtain password from user 是 Java 身份验证系统中的一种异常情况。该异常通常出现在程序试图使用某个用户账户进行验证时，但是无法从用户获取到该账户的密码。这种情况通常表示用户输入的密码错误或者密码无法被系统获取到。
密码是用户账户的敏感信息，确保密码安全非常重要。如果程序无法获取到密码或者获取到了错误的密码，就无法对用户身份进行验证，这样就会出现安全漏洞。为了确保密码安全，Java 提供了一种加密方式，在程序中对密码进行加密，并将加密后的密码存储在数据库中。这样即使被黑客攻击，也无法获取到用户的真实密码，从而提高了系统的安全性。
当出现 javax.security.auth.login.loginexception: unable to obtain password from user 这种异常情况时，我们需要检查程序是否正确地实现了密码加密功能，同时检查用户是否输入了正确的密码。如果用户账户密码不被加密存储，那么就需要尽快处理该漏洞，将用户密码加密存储以提高系统安全性。此外，我们还可以尝试使用更安全的验证方式，例如双因素验证，以进一步提高系统的安全性。
总之，javax.security.auth.login.loginexception: unable to obtain password from user 异常提示我们密码加密与验证机制的重要性，我们需要在系统开发和使用过程中注意密码安全问题，确保系统的安全性和可靠性。