You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafodion.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/06/15 16:06:09 UTC

[jira] [Commented] (TRAFODION-2048) Improve checks during Trafodion Kerberos Installation

    [ https://issues.apache.org/jira/browse/TRAFODION-2048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15331968#comment-15331968 ] 

ASF GitHub Bot commented on TRAFODION-2048:
-------------------------------------------

Github user robertamarton commented on a diff in the pull request:

    https://github.com/apache/incubator-trafodion/pull/546#discussion_r67192402
  
    --- Diff: core/sqf/sql/scripts/sqstart ---
    @@ -220,6 +220,31 @@ function SQCheckOrphanProcesses {
     
     }
     
    +function checkKerberos {
    +
    +   # Check to see if kerberos is enabled in Hadoop
    +   cat /etc/hadoop/conf/core-site.xml | while read a; do
    +     found=`echo $a | grep "hadoop.security.authentication" | wc -l`
    +     if [[ $found -eq 1 ]]; then
    +       read b
    +       enabled=`echo $b | grep kerberos | wc -l`
    --- End diff --
    
    I want to improve the check to see if Kerberos is enabled in general.  There is the issue you mention above and in a customer environment, core-site may not be in the default location (take install_local_hadoop for instance).   With a different solution, I hope to avoid scanning core-site.   I did write up a JIRA to improve this (TRAFODION-2048).


> Improve checks during Trafodion Kerberos Installation
> -----------------------------------------------------
>
>                 Key: TRAFODION-2048
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2048
>             Project: Apache Trafodion
>          Issue Type: Sub-task
>          Components: sql-security
>            Reporter: Roberta Marton
>            Assignee: Roberta Marton
>             Fix For: 1.1 (pre-incubation)
>
>
> Add checks for security configuration issues at the same time other config problems are checked (traf_config_check). Today problems are not discovered until late in the process.  When problems are found, it is not always easy to figure out the issue.  Checks to include:
> -> valid KDC server and LDAP server
> -> valid KDC admin user and password
> -> LDAP user to be associated with database user ROOT is valid
> Also, remove the hard coded location for the Hadoop's core-site.xml file.  Some installations may not be using the standard location.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)