You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Kuldeep Kulkarni (JIRA)" <ji...@apache.org> on 2017/06/16 18:34:00 UTC
[jira] [Created] (OOZIE-2951) Improve impersonation error logging
Kuldeep Kulkarni created OOZIE-2951:
---------------------------------------
Summary: Improve impersonation error logging
Key: OOZIE-2951
URL: https://issues.apache.org/jira/browse/OOZIE-2951
Project: Oozie
Issue Type: Bug
Environment: Oozie - 4.2.0
Reporter: Kuldeep Kulkarni
Priority: Minor
Need to improve logging for impersonation related issues.
E.g.
{code}
/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa@REALM; source /usr/hdp/current/oozie-client/conf/oozie-env.sh ; /usr/hdp/current/oozie-client/bin/oozie -Doozie.auth.token.cache=false job -oozie https://<oozie-server>:11443/oozie -config /usr/hdp/current/oozie-client/doc/examples/apps/<blah-blah>/job.properties -run
Error: E0501 : E0501: Could not perform authorization operation, User: oozie/<blah-blah-blah>@REALM is not allowed to impersonate ambari-qa
{code}
It should trim the username from principal to avoid the confusion.
{code}
/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa@REALM; source /usr/hdp/current/oozie-client/conf/oozie-env.sh ; /usr/hdp/current/oozie-client/bin/oozie -Doozie.auth.token.cache=false job -oozie https://<oozie-server>:11443/oozie -config /usr/hdp/current/oozie-client/doc/examples/apps/<blah-blah>/job.properties -run
Error: E0501 : E0501: Could not perform authorization operation, User: oozie is not allowed to impersonate ambari-qa
{code}
Thanks,
Kuldeep
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)