You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/06/15 16:06:09 UTC
[jira] [Commented] (TRAFODION-2048) Improve checks during Trafodion
Kerberos Installation
[ https://issues.apache.org/jira/browse/TRAFODION-2048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15331968#comment-15331968 ]
ASF GitHub Bot commented on TRAFODION-2048:
-------------------------------------------
Github user robertamarton commented on a diff in the pull request:
https://github.com/apache/incubator-trafodion/pull/546#discussion_r67192402
--- Diff: core/sqf/sql/scripts/sqstart ---
@@ -220,6 +220,31 @@ function SQCheckOrphanProcesses {
}
+function checkKerberos {
+
+ # Check to see if kerberos is enabled in Hadoop
+ cat /etc/hadoop/conf/core-site.xml | while read a; do
+ found=`echo $a | grep "hadoop.security.authentication" | wc -l`
+ if [[ $found -eq 1 ]]; then
+ read b
+ enabled=`echo $b | grep kerberos | wc -l`
--- End diff --
I want to improve the check to see if Kerberos is enabled in general. There is the issue you mention above and in a customer environment, core-site may not be in the default location (take install_local_hadoop for instance). With a different solution, I hope to avoid scanning core-site. I did write up a JIRA to improve this (TRAFODION-2048).
> Improve checks during Trafodion Kerberos Installation
> -----------------------------------------------------
>
> Key: TRAFODION-2048
> URL: https://issues.apache.org/jira/browse/TRAFODION-2048
> Project: Apache Trafodion
> Issue Type: Sub-task
> Components: sql-security
> Reporter: Roberta Marton
> Assignee: Roberta Marton
> Fix For: 1.1 (pre-incubation)
>
>
> Add checks for security configuration issues at the same time other config problems are checked (traf_config_check). Today problems are not discovered until late in the process. When problems are found, it is not always easy to figure out the issue. Checks to include:
> -> valid KDC server and LDAP server
> -> valid KDC admin user and password
> -> LDAP user to be associated with database user ROOT is valid
> Also, remove the hard coded location for the Hadoop's core-site.xml file. Some installations may not be using the standard location.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)