You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Guanghao Zhang (Jira)" <ji...@apache.org> on 2020/05/20 10:52:00 UTC
[jira] [Updated] (PHOENIX-5904) Add log if the configed kerberos
principal login failed
[ https://issues.apache.org/jira/browse/PHOENIX-5904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Guanghao Zhang updated PHOENIX-5904:
------------------------------------
Attachment: PHOENIX-5904.website.diff
> Add log if the configed kerberos principal login failed
> -------------------------------------------------------
>
> Key: PHOENIX-5904
> URL: https://issues.apache.org/jira/browse/PHOENIX-5904
> Project: Phoenix
> Issue Type: Improvement
> Components: queryserver
> Reporter: Guanghao Zhang
> Assignee: Guanghao Zhang
> Priority: Minor
> Attachments: PHOENIX-5904.website.diff
>
>
> {code:java}
> SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
> QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
> LOG.info("Login successful.");
> {code}
> But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled return false.
>
> {code:java}
> public static void login(final Configuration conf,
> final String keytabFileKey, final String userNameKey, String hostname)
> throws IOException {
>
> if(!UserGroupInformation.isSecurityEnabled())
> return;
>
> String keytabFilename = conf.get(keytabFileKey);
> if (keytabFilename == null || keytabFilename.length() == 0) {
> throw new IOException("Running in secure mode, but config doesn't have a keytab");
> }
> String principalConfig = conf.get(userNameKey, System
> .getProperty("user.name"));
> String principalName = SecurityUtil.getServerPrincipal(principalConfig,
> hostname);
> UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
> }
> {code}
> UserGroupInformation.isSecurityEnabled is configed by *hadoop.security.authentication*. But the document only said need to config *hbase.security.authentication*. So, I thought we need to add document about this, too.
>
> QueryServer doc: [https://phoenix.apache.org/server.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)