After Enabling Native Multi User - Request Header Is Exceeded and Kerberos Ticket Is Lost.

Problem

After enabling Native Multi User Impersonation, some requests fail with an error stating that no valid credentials were provided:

Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
        at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
        at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)

This error is often the result of an improper Kerberos configuration. In this case, however, inspecting the request headers showed that the Kerberos ticket in the header was truncated, which made it invalid.

Solution

Increase the maximum allowed size of the request header in Jetty. This can be done by modifying the jetty.xml configuration file located at <Datameer home>/etc and changing the startup default value:

Default:

<Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="8192" /></Set>

Increased:

<Set name="requestHeaderSize"><Property name="jetty.request.header.size" default="16384" /></Set>
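
To confirm the truncation on a captured request, before and after raising the limit, the following added example (not part of the original article or of Datameer's code) checks whether an Authorization: Negotiate value holds a complete token by comparing the DER length the token declares with the bytes actually received. The function names, the host name and the placeholder token are constructed for illustration, and measuring the whole captured header block against the limit is an assumed approximation of how Jetty counts header bytes.

```python
import base64

def der_total_length(buf: bytes) -> int:
    """Total encoded size (tag + length octets + content) declared by a DER header."""
    if len(buf) < 2:
        raise ValueError("too short for a DER header")
    first = buf[1]
    if first < 0x80:                      # short form: length fits in one octet
        return 2 + first
    n = first & 0x7F                      # long form: next n octets hold the length
    if n == 0 or len(buf) < 2 + n:
        raise ValueError("unsupported or cut-off DER length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def check_negotiate(header_block: str, limit: int = 8192) -> dict:
    """Inspect a captured request-header block for a complete Negotiate token."""
    # Assumption: the whole captured block is measured against requestHeaderSize.
    result = {"header_bytes": len(header_block.encode("latin-1")), "limit": limit}
    result["over_limit"] = result["header_bytes"] > limit
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, b64 = value.strip().partition(" ")
        if scheme.lower() != "negotiate":
            continue
        b64 = b64.strip()
        usable = b64[: len(b64) - len(b64) % 4]   # drop a dangling partial quantum
        token = base64.b64decode(usable)
        result["declared"] = der_total_length(token)
        result["received"] = len(token)
        # Truncated if the base64 is cut mid-quantum or bytes are missing.
        result["truncated"] = (len(b64) % 4 != 0
                               or result["received"] < result["declared"])
        return result
    result["truncated"] = None            # no Negotiate header present
    return result

def build_sample(body_len: int = 9000) -> str:
    """Constructed request: placeholder token with a valid DER header, not a real ticket."""
    body = bytes.fromhex("06062b0601050502") + b"\x00" * body_len  # SPNEGO OID + filler
    token = b"\x60\x82" + len(body).to_bytes(2, "big") + body
    return ("GET / HTTP/1.1\r\nHost: datameer.example\r\n"   # constructed host name
            "Authorization: Negotiate " + base64.b64encode(token).decode() + "\r\n\r\n")
```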