Posted to common-issues@hadoop.apache.org by "Boris Shkolnik (JIRA)" <ji...@apache.org> on 2010/03/19 21:28:28 UTC

[jira] Created: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment
-----------------------------------------------------------------------------------------------------

                 Key: HADOOP-6647
                 URL: https://issues.apache.org/jira/browse/HADOOP-6647
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: Boris Shkolnik


User logs in as hdfs/dev.ygrid.yahoo.com@DEV.YGRID.YAHOO.COM and tries to run balancer.
Balancer is using NameNode Protocol, which authorizes based on server principal key.
But NameNode key is hdfs/_HOST@.. now, so it fails.
To fix, we need to compare the short names only.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Updated: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boris Shkolnik updated HADOOP-6647:
-----------------------------------

    Attachment: HADOOP-6647-BP20.patch

For previous version, not for commit.



[jira] Commented: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847566#action_12847566 ] 

Allen Wittenauer commented on HADOOP-6647:
------------------------------------------

Does that mean if I create a fake realm with the same short name I can run balancer?



[jira] Commented: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Owen O'Malley (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12886952#action_12886952 ] 

Owen O'Malley commented on HADOOP-6647:
---------------------------------------

Allen,

The Namenode's configuration defines the mapping from long names to short names. It defaults to:

*@YOUR.DOMAIN -> *

With that mapping, someone coming in from another domain will fail, even with the cross-realm stuff set up.

hdfs@BAD.DOMAIN fails....

At Yahoo, we have two domains and we have rules for exactly how they map, but they amount to:

*@YGRID.YAHOO.COM -> *
*@CORP.YAHOO.COM -> *

So those two realms work, but anything else will fail. Depending on the translation that operations defines, they *can* make a cluster insecure. 

joe@CORP.YAHOO.COM -> root

would be really convenient for joe, but not secure. *grin*


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
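
The long-name to short-name mapping described in Owen O'Malley's comment above, as an added example that is not part of the thread and is not Hadoop's code: a simplified Python model that uses the comment's "pattern -> target" notation rather than Hadoop's rule syntax. The realms GRID.EXAMPLE and CORP.EXAMPLE, the host names, the helper names and the privileged-name list are constructed assumptions.

```python
# Simplified model of long-name -> short-name mapping in the
# "pattern -> target" notation of the comment above.
# Not Hadoop's rule syntax or implementation; all sample values are constructed.

def parse_principal(principal):
    """Split primary[/instance]@REALM into (primary, instance, realm)."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("not a full principal: %r" % principal)
    primary, _, instance = name.partition("/")
    return primary, instance or None, realm

def parse_rules(text):
    """Parse lines such as '*@GRID.EXAMPLE -> *' into (name, realm, target)."""
    rules = []
    for line in text.strip().splitlines():
        pattern, target = (part.strip() for part in line.split("->"))
        name, _, realm = pattern.rpartition("@")
        rules.append((name, realm, target))
    return rules

def short_name(principal, rules):
    """First matching rule wins; no matching rule means no short name."""
    primary, _, realm = parse_principal(principal)
    for name, rule_realm, target in rules:
        if rule_realm in ("*", realm) and name in ("*", primary):
            return primary if target == "*" else target
    return None

def authorized(client, server, rules):
    """Compare mapped short names rather than full principal strings."""
    client_short = short_name(client, rules)
    return client_short is not None and client_short == short_name(server, rules)

def audit(rules, privileged=("root", "hdfs")):  # privileged list is an assumption
    """Flag rules that accept any realm or pin a principal to a privileged name."""
    findings = []
    for name, realm, target in rules:
        if realm == "*":
            findings.append("any realm accepted: %s@%s -> %s" % (name, realm, target))
        if target in privileged:
            findings.append("privileged target: %s@%s -> %s" % (name, realm, target))
    return findings

SERVER = "hdfs/_HOST@GRID.EXAMPLE"               # constructed server principal key
CLIENT = "hdfs/host1.grid.example@GRID.EXAMPLE"  # constructed balancer login
STRICT = parse_rules("*@GRID.EXAMPLE -> *\n*@CORP.EXAMPLE -> *")
LOOSE = parse_rules("*@* -> *")                  # over-broad: any realm maps through
JOE = parse_rules("joe@CORP.EXAMPLE -> root")

if __name__ == "__main__":
    for label, rules in (("strict", STRICT), ("loose", LOOSE), ("joe", JOE)):
        print(label, "findings:", audit(rules))
    print("same realm:", authorized(CLIENT, SERVER, STRICT))
    print("BAD.DOMAIN, strict:", authorized("hdfs@BAD.DOMAIN", SERVER, STRICT))
    print("BAD.DOMAIN, loose:", authorized("hdfs@BAD.DOMAIN", SERVER, LOOSE))
```

With the realm-restricted rules the short-name comparison accepts the balancer login and still rejects a principal from an unlisted realm; the audit function flags the two rule shapes that would change that.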


[jira] Updated: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boris Shkolnik updated HADOOP-6647:
-----------------------------------

    Description: 
User logs in as hdfs/something@something and tries to run balancer.
Balancer is using NameNode Protocol, which authorizes based on server principal key.
But NameNode key is hdfs/_HOST@.. now, so it fails.
To fix, we need to compare the short names only.

  was:
User logs in as hdfs/dev.ygrid.yahoo.com@DEV.YGRID.YAHOO.COM and tries to run balancer.
Balancer is using NameNode Protocol, which authorizes based on server principal key.
But NameNode key is hdfs/_HOST@.. now, so it fails.
To fix, we need to compare the short names only.




[jira] Commented: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Devaraj Das (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12887143#action_12887143 ] 

Devaraj Das commented on HADOOP-6647:
-------------------------------------

+1



[jira] Commented: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888289#action_12888289 ] 

Hudson commented on HADOOP-6647:
--------------------------------

Integrated in Hadoop-Common-trunk #392 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/392/])
    HADOOP-6647. balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment




[jira] Updated: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boris Shkolnik updated HADOOP-6647:
-----------------------------------

    Attachment: HADOOP-6647.patch



[jira] Updated: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boris Shkolnik updated HADOOP-6647:
-----------------------------------

    Status: Patch Available  (was: Open)



[jira] Updated: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boris Shkolnik updated HADOOP-6647:
-----------------------------------

          Status: Resolved  (was: Patch Available)
    Hadoop Flags: [Reviewed]
      Resolution: Fixed

Committed to trunk.

Javadoc warning is related to use of "Sun proprietary API and may be removed in a future release" packages introduced elsewhere.



[jira] Commented: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Hudson (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12887856#action_12887856 ] 

Hudson commented on HADOOP-6647:
--------------------------------

Integrated in Hadoop-Common-trunk-Commit #324 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/324/])
    HADOOP-6647. balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment




[jira] Commented: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12881508#action_12881508 ] 

Hadoop QA commented on HADOOP-6647:
-----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12447754/HADOOP-6647.patch
  against trunk revision 957074.

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    -1 javadoc.  The javadoc tool appears to have generated 1 warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/592/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/592/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/592/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/592/console

This message is automatically generated.



[jira] Assigned: (HADOOP-6647) balancer fails with "is not authorized for protocol interface NamenodeProtocol" in secure environment

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/HADOOP-6647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boris Shkolnik reassigned HADOOP-6647:
--------------------------------------

    Assignee: Boris Shkolnik
