You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Guanghao Zhang (Jira)" <ji...@apache.org> on 2020/05/19 11:32:00 UTC
[jira] [Created] (PHOENIX-5904) Add log if the configed kerberos
principal login failed
Guanghao Zhang created PHOENIX-5904:
---------------------------------------
Summary: Add log if the configed kerberos principal login failed
Key: PHOENIX-5904
URL: https://issues.apache.org/jira/browse/PHOENIX-5904
Project: Phoenix
Issue Type: Improvement
Components: queryserver
Reporter: Guanghao Zhang
{code:java}
SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
LOG.info("Login successful.");
{code}
But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled return false.
{code:java}
public static void login(final Configuration conf,
final String keytabFileKey, final String userNameKey, String hostname)
throws IOException {
if(!UserGroupInformation.isSecurityEnabled())
return;
String keytabFilename = conf.get(keytabFileKey);
if (keytabFilename == null || keytabFilename.length() == 0) {
throw new IOException("Running in secure mode, but config doesn't have a keytab");
}
String principalConfig = conf.get(userNameKey, System
.getProperty("user.name"));
String principalName = SecurityUtil.getServerPrincipal(principalConfig,
hostname);
UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
}
{code}
UserGroupInformation.isSecurityEnabled is configed by *hadoop.security.authentication*. But the document only said need to config *hbase.security.authentication*. So, I thought we need to add document about this, too.
QueryServer doc: [https://phoenix.apache.org/server.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)