You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by eo...@apache.org on 2020/02/04 09:39:36 UTC
[zookeeper] branch release-3.6.0 updated: ZOOKEEPER-3715: fix
Kerberos test failures for new JDK versions
This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch release-3.6.0
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/release-3.6.0 by this push:
new 11137d3 ZOOKEEPER-3715: fix Kerberos test failures for new JDK versions
11137d3 is described below
commit 11137d3b98fe76be522d85aefbda8da3d9aa50ac
Author: Mate Szalay-Beko <sz...@gmail.com>
AuthorDate: Tue Feb 4 10:39:02 2020 +0100
ZOOKEEPER-3715: fix Kerberos test failures for new JDK versions
Using OpenJDK 8u.242 or OpenJDK 11.0.6, we have some kerberos exceptions
when running the following, Kerberos Authentication related tests:
- QuorumKerberosAuthTest
- QuorumKerberosHostBasedAuthTest
- SaslKerberosAuthOverSSLTest
After trying this with different JDK versions, we see that the problem
seems to appear:
- between OpenJDK 8u.232 and 8u.242 for java 8
- and between 11.0.3 and 11.0.6 for java 11
There are a lot of kerberos related changes after 8u.232:
see https://hg.openjdk.java.net/jdk8u/jdk8u/jdk
I didn't really found the root cause of the issue, but the problem disappeared
after upgrading the Apache Kerby. Kerby is used only by the tests to start a local
embedded KDC server. I also checked the dependencies of the new Kerby version
and there is nothing to exclude there as far as I saw.
I also improved the logging of errors during Kerberos authentication problems by
printing out some more exceptions.
Author: Mate Szalay-Beko <sz...@gmail.com>
Reviewers: Enrico Olivelli <eo...@apache.org>, Norbert Kalmar <nk...@apache.org>
Closes #1244 from symat/ZOOKEEPER-3715
(cherry picked from commit 6763f73cb64d87145e8e642d9e4fcc1e0d509216)
Signed-off-by: Enrico Olivelli <eo...@apache.org>
---
pom.xml | 2 +-
.../src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java | 2 +-
.../org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index acaeebb..d684193 100755
--- a/pom.xml
+++ b/pom.xml
@@ -331,7 +331,7 @@
<json.version>1.1.1</json.version>
<jline.version>2.11</jline.version>
<snappy.version>1.1.7</snappy.version>
- <kerby.version>1.1.0</kerby.version>
+ <kerby.version>2.0.0</kerby.version>
<bouncycastle.version>1.60</bouncycastle.version>
<commons-collections.version>3.2.2</commons-collections.version>
<commons-lang.version>2.6</commons-lang.version>
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
index 9021f46..b0598bc 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
@@ -335,7 +335,7 @@ public class ZooKeeperSaslClient {
error += " Zookeeper Client will go to AUTH_FAILED state.";
LOG.error(error);
saslState = SaslState.FAILED;
- throw new SaslException(error);
+ throw new SaslException(error, e);
}
}
} else {
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
index d9e44ff..12cec78 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
@@ -195,7 +195,7 @@ public class SaslQuorumAuthLearner implements QuorumAuthLearner {
+ " '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your server's JVMFLAGS environment.";
}
LOG.error(error);
- throw new SaslException(error);
+ throw new SaslException(error, e);
}
}
} else {