You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by "Sorabh Hamirwasia (JIRA)" <ji...@apache.org> on 2019/03/01 18:04:00 UTC
[jira] [Resolved] (DRILL-6991) Kerberos ticket is being dumped in
the log if log level is "debug" for stdout
[ https://issues.apache.org/jira/browse/DRILL-6991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sorabh Hamirwasia resolved DRILL-6991.
--------------------------------------
Resolution: Not A Problem
> Kerberos ticket is being dumped in the log if log level is "debug" for stdout
> ------------------------------------------------------------------------------
>
> Key: DRILL-6991
> URL: https://issues.apache.org/jira/browse/DRILL-6991
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.15.0
> Reporter: Anton Gozhiy
> Assignee: Sorabh Hamirwasia
> Priority: Major
> Fix For: 1.16.0
>
>
> *Prerequisites:*
> # Drill is installed on cluster with Kerberos security
> # Into conf/logback.xml, set the following log level:
> {code:xml}
> <root>
> <level value="debug" />
> <appender-ref ref="STDOUT" />
> </root>
> {code}
> *Steps:*
> # Start Drill
> # Connect using sqlline using the following string:
> {noformat}
> bin/sqlline -u "jdbc:drill:zk=<zk server>;principal=<kerberos principal>"
> {noformat}
> *Expected result:*
> No sensitive information should be displayed
> *Actual result:*
> Kerberos ticket and session key are being dumped into console output:
> {noformat}
> 14:35:38.806 [TGT Renewer for mapr/node1.cluster.com@NODE1] DEBUG o.a.h.security.UserGroupInformation - Found tgt Ticket (hex) =
> 0000: 61 82 01 3D 30 82 01 39 A0 03 02 01 05 A1 07 1B a..=0..9........
> 0010: 05 4E 4F 44 45 31 A2 1A 30 18 A0 03 02 01 02 A1 .NODE1..0.......
> 0020: 11 30 0F 1B 06 6B 72 62 74 67 74 1B 05 4E 4F 44 .0...krbtgt..NOD
> 0030: 45 31 A3 82 01 0B 30 82 01 07 A0 03 02 01 12 A1 E1....0.........
> 0040: 03 02 01 01 A2 81 FA 04 81 F7 03 8D A9 FA 7D 89 ................
> 0050: 1B DF 37 B7 4D E6 6C 99 3E 8F FA 48 D9 9A 79 F3 ..7.M.l.>..H..y.
> 0060: 92 34 7F BF 67 1E 77 4A 2F C9 AF 82 93 4E 46 1D .4..g.wJ/....NF.
> 0070: 41 74 B0 AF 41 A8 8B 02 71 83 CC 14 51 72 60 EE At..A...q...Qr`.
> 0080: 29 67 14 F0 A6 33 63 07 41 AA 8D DC 7B 5B 41 F3 )g...3c.A....[A.
> 0090: 83 48 8B 2A 0B 4D 6D 57 9A 6E CF 6B DC 0B C0 D1 .H.*.MmW.n.k....
> 00A0: 83 BB 27 40 88 7E 9F 2B D1 FD A8 6A E1 BF F6 CC ..'@...+...j....
> 00B0: 0E 0C FB 93 5D 69 9A 8B 11 88 0C F2 7C E1 FD 04 ....]i..........
> 00C0: F5 AB 66 0C A4 A4 7B 30 D1 7F F1 2D D6 A1 52 D1 ..f....0...-..R.
> 00D0: 79 59 F2 06 CB 65 FB 73 63 1D 5B E9 4F 28 73 EB yY...e.sc.[.O(s.
> 00E0: 72 7F 04 46 34 56 F4 40 6C C0 2C 39 C0 5B C6 25 r..F4V.@l.,9.[.%
> 00F0: ED EF 64 07 CE ED 35 9D D7 91 6C 8F C9 CE 16 F5 ..d...5...l.....
> 0100: CA 5E 6F DE 08 D2 68 30 C7 03 97 E7 C0 FF D9 52 .^o...h0.......R
> 0110: F8 1D 2F DB 63 6D 12 4A CD 60 AD D0 BA FA 4B CF ../.cm.J.`....K.
> 0120: 2C B9 8C CA 5A E6 EC 10 5A 0A 1F 84 B0 80 BD 39 ,...Z...Z......9
> 0130: 42 2C 33 EB C0 AA 0D 44 F0 F4 E9 87 24 43 BB 9A B,3....D....$C..
> 0140: 52 R
> Client Principal = mapr/node1.cluster.com@NODE1
> Server Principal = krbtgt/NODE1@NODE1
> Session Key = EncryptionKey: keyType=18 keyBytes (hex dump)=
> 0000: 50 DA D1 D7 91 D3 64 BE 45 7B D8 02 25 81 18 25 P.....d.E...%..%
> 0010: DA 59 4F BA 76 67 BB 39 9C F7 17 46 A7 C5 00 E2 .YO.vg.9...F....
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)