Posted to dev@knox.apache.org by "Kevin Risden (Jira)" <ji...@apache.org> on 2020/02/10 17:06:00 UTC

[jira] [Commented] (KNOX-2229) Knox shouldn't exclude Kerby since it is used by Hadoop

    [ https://issues.apache.org/jira/browse/KNOX-2229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17033763#comment-17033763 ] 

Kevin Risden commented on KNOX-2229:
------------------------------------

After the change, here are all the Kerby dependencies that get pulled in automatically:

{code:java}
➜  knox-1.4.0-SNAPSHOT ls -l dep/kerb*
-rw-r--r--  1 krisden  staff   80980 Jan 22 09:10 dep/kerb-admin-1.0.1.jar
-rw-r--r--  1 krisden  staff  113017 Jan 22 09:10 dep/kerb-client-1.0.1.jar
-rw-r--r--  1 krisden  staff   65464 Jan 22 09:10 dep/kerb-common-1.0.1.jar
-rw-r--r--  1 krisden  staff  226672 Jan 22 09:10 dep/kerb-core-1.0.1.jar
-rw-r--r--  1 krisden  staff  116120 Jan 22 09:10 dep/kerb-crypto-1.0.1.jar
-rw-r--r--  1 krisden  staff   20046 Jan 22 09:10 dep/kerb-identity-1.0.1.jar
-rw-r--r--  1 krisden  staff   82756 Jan 22 09:10 dep/kerb-server-1.0.1.jar
-rw-r--r--  1 krisden  staff   20409 Jan 22 09:10 dep/kerb-simplekdc-1.0.1.jar
-rw-r--r--  1 krisden  staff   36708 Jan 22 09:10 dep/kerb-util-1.0.1.jar
-rw-r--r--  1 krisden  staff  102174 Jan 22 09:10 dep/kerby-asn1-1.0.1.jar
-rw-r--r--  1 krisden  staff   30674 Jan 22 09:10 dep/kerby-config-1.0.1.jar
-rw-r--r--  1 krisden  staff  204650 Jan 22 09:10 dep/kerby-pkix-1.0.1.jar
-rw-r--r--  1 krisden  staff   40554 Jan 22 09:10 dep/kerby-util-1.0.1.jar
-rw-r--r--  1 krisden  staff   29134 Jan 22 09:10 dep/kerby-xdr-1.0.1.jar
{code}


> Knox shouldn't exclude Kerby since it is used by Hadoop
> -------------------------------------------------------
>
>                 Key: KNOX-2229
>                 URL: https://issues.apache.org/jira/browse/KNOX-2229
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: 1.4.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> KNOX-1161 excluded Kerby from Knox, but since Kerby is used by Hadoop, there are some cases where Knox requires Kerby transitively. Specifically, in the case of hadoop-auth when Knox handles SPNEGO authentication and hadoop.auth.config.kerberos.principal=* is set.
> This causes the following stack trace in gateway.log:
> {code:java}
> 2020-02-05 16:46:58,125 ERROR knox.gateway (AbstractGatewayFilter.java:doFilter(69)) - Failed to execute filter: java.lang.NoClassDefFoundError: org/apache/kerby/kerberos/kerb/keytab/Keytab
> java.lang.NoClassDefFoundError: org/apache/kerby/kerberos/kerb/keytab/Keytab
> 	at org.apache.hadoop.security.authentication.util.KerberosUtil.getPrincipalNames(KerberosUtil.java:225)
> 	at org.apache.hadoop.security.authentication.util.KerberosUtil.getPrincipalNames(KerberosUtil.java:244)
> 	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:146)
> 	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:194)
> 	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:180)
> 	at org.apache.knox.gateway.GatewayFilter$Holder.getInstance(GatewayFilter.java:402)
> 	at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:371)
> 	at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:272)
> 	at org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:30)
> 	at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61)
> 	at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:372)
> 	at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:272)
> 	at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:171)
> 	at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:94)
> 	at org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:141)
> 	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:857)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
> 	at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
> 	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
> 	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
> 	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
> 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
> 	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
> 	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
> 	at org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
> 	at org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
> 	at org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:152)
> 	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
> 	at org.eclipse.jetty.server.Server.handle(Server.java:503)
> 	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
> 	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
> 	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
> 	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
> 	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:411)
> 	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:305)
> 	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
> 	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
> 	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
> 	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
> 	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
> 	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
> 	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
> 	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassNotFoundException: org.apache.kerby.kerberos.kerb.keytab.Keytab
> 	at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
> 	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> 	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> 	... 60 more
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
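
A packaging check for the failure described in this issue, as an added example that is not part of the original message or of Knox's build: it scans a dep/ directory for a jar that provides the class named in the NoClassDefFoundError. The jar names and directory layout below are constructed for the demonstration and the function names are hypothetical.

```python
import tempfile
import zipfile
from pathlib import Path

# Class named in the NoClassDefFoundError from gateway.log in the issue.
REQUIRED = ["org.apache.kerby.kerberos.kerb.keytab.Keytab"]


def class_entry(class_name):
    """Map a dotted class name to its entry path inside a jar."""
    return class_name.replace(".", "/") + ".class"


def find_providers(dep_dir, class_name):
    """Return sorted names of jars under dep_dir that contain class_name."""
    entry = class_entry(class_name)
    providers = []
    for jar in sorted(Path(dep_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                if entry in zf.namelist():
                    providers.append(jar.name)
        except zipfile.BadZipFile:
            # A truncated or corrupt jar cannot supply the class either.
            continue
    return providers


def missing_classes(dep_dir, required=REQUIRED):
    """Return the required classes that no jar in dep_dir provides."""
    return [c for c in required if not find_providers(dep_dir, c)]


def make_jar(path, entries):
    """Write a constructed jar (zip) holding empty files at the given paths."""
    with zipfile.ZipFile(path, "w") as zf:
        for e in entries:
            zf.writestr(e, b"")


def demo():
    """Build two constructed dep/ layouts: Kerby excluded vs. Kerby included."""
    with tempfile.TemporaryDirectory() as tmp:
        excluded, included = Path(tmp, "excluded"), Path(tmp, "included")
        for d in (excluded, included):
            d.mkdir()
            make_jar(d / "constructed-hadoop-auth.jar", ["org/apache/hadoop/security/authentication/util/KerberosUtil.class"])
        make_jar(included / "constructed-kerby.jar", [class_entry(REQUIRED[0])])
        return missing_classes(excluded), missing_classes(included)
```

Pointing `missing_classes` at a real distribution's dep/ directory during the build turns the runtime SPNEGO filter failure into a packaging-time failure.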