You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@phoenix.apache.org by "Istvan Toth (Jira)" <ji...@apache.org> on 2020/05/28 06:55:00 UTC

[jira] [Resolved] (PHOENIX-5904) Add log if the configed kerberos principal login failed

     [ https://issues.apache.org/jira/browse/PHOENIX-5904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Istvan Toth resolved PHOENIX-5904.
----------------------------------
    Resolution: Fixed

Committed with a minor refactor.

Thank you [~zghao]

> Add log if the configed kerberos principal login failed
> -------------------------------------------------------
>
>                 Key: PHOENIX-5904
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-5904
>             Project: Phoenix
>          Issue Type: Improvement
>          Components: queryserver
>            Reporter: Guanghao Zhang
>            Assignee: Guanghao Zhang
>            Priority: Minor
>             Fix For: queryserver-1.0.0
>
>         Attachments: PHOENIX-5904.website.diff
>
>
> {code:java}
> SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
>     QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
> LOG.info("Login successful.");
> {code}
> But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled return false.
>  
> {code:java}
> public static void login(final Configuration conf,
>     final String keytabFileKey, final String userNameKey, String hostname)
>     throws IOException {
>   
>   if(!UserGroupInformation.isSecurityEnabled()) 
>     return;
>   
>   String keytabFilename = conf.get(keytabFileKey);
>   if (keytabFilename == null || keytabFilename.length() == 0) {
>     throw new IOException("Running in secure mode, but config doesn't have a keytab");
>   }
>   String principalConfig = conf.get(userNameKey, System
>       .getProperty("user.name"));
>   String principalName = SecurityUtil.getServerPrincipal(principalConfig,
>       hostname);
>   UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
> }
> {code}
> UserGroupInformation.isSecurityEnabled is configed by *hadoop.security.authentication*. But the document only said need to config *hbase.security.authentication*. So, I thought we need to add document about this, too. 
>  
> QueryServer doc: [https://phoenix.apache.org/server.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)