You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oozie.apache.org by "Kuldeep Kulkarni (JIRA)" <ji...@apache.org> on 2017/06/16 18:34:00 UTC

[jira] [Created] (OOZIE-2951) Improve impersonation error logging

Kuldeep Kulkarni created OOZIE-2951:
---------------------------------------

             Summary: Improve impersonation error logging
                 Key: OOZIE-2951
                 URL: https://issues.apache.org/jira/browse/OOZIE-2951
             Project: Oozie
          Issue Type: Bug
         Environment: Oozie - 4.2.0
            Reporter: Kuldeep Kulkarni
            Priority: Minor


Need to improve logging for impersonation related issues.

E.g.

{code}

/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa@REALM; source /usr/hdp/current/oozie-client/conf/oozie-env.sh ; /usr/hdp/current/oozie-client/bin/oozie -Doozie.auth.token.cache=false job -oozie https://<oozie-server>:11443/oozie -config /usr/hdp/current/oozie-client/doc/examples/apps/<blah-blah>/job.properties -run 

Error: E0501 : E0501: Could not perform authorization operation, User: oozie/<blah-blah-blah>@REALM is not allowed to impersonate ambari-qa

{code}

It should trim the username from principal to avoid the confusion.

{code}

/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa@REALM; source /usr/hdp/current/oozie-client/conf/oozie-env.sh ; /usr/hdp/current/oozie-client/bin/oozie -Doozie.auth.token.cache=false job -oozie https://<oozie-server>:11443/oozie -config /usr/hdp/current/oozie-client/doc/examples/apps/<blah-blah>/job.properties -run 

Error: E0501 : E0501: Could not perform authorization operation, User: oozie is not allowed to impersonate ambari-qa

{code}


Thanks,
Kuldeep



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)