You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2015/11/19 17:10:12 UTC

[jira] [Resolved] (HADOOP-10629) security diagnostics info being dropped in exceptions seen by client

     [ https://issues.apache.org/jira/browse/HADOOP-10629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran resolved HADOOP-10629.
-------------------------------------
       Resolution: Cannot Reproduce
    Fix Version/s: 2.7.0

Given the logs I am staring at do have the GSS Exception text, I can conclude that everything is now being logged. Consider it fixed at some point in the past.

{code}[2015-11-19 15:55:28,003] [main] WARN  ipc.Client - Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
[2015-11-19 15:55:58,014] [main] WARN  ipc.Client - Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
[2015-11-19 15:56:28,024] [main] WARN  ipc.Client - Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
{code}

> security diagnostics info being dropped in exceptions seen by client
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10629
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10629
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc
>    Affects Versions: 2.4.0
>            Reporter: Steve Loughran
>             Fix For: 2.7.0
>
>
> When there are some security problems, not all the info goes back to the client, which sees
> {code}
> Caused by: org.apache.hadoop.ipc.RemoteException: GSS initiate failed
> 	at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:373) ~[hadoop-common-2.4.0.jar:na]
> {code}
> It's only server-side the diagnostics surface, here some javax crypto issues
> {code}
> 2014-05-24 14:17:34,314 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 9090: readAndProcess from client 192.168.1.86 threw exception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]
> {code}
> -the inner exception text isn't making it back to the client...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)