You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2017/08/18 18:26:01 UTC

[jira] [Commented] (KUDU-1976) MiniKdc races between add_principal and kinit

    [ https://issues.apache.org/jira/browse/KUDU-1976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133409#comment-16133409 ] 

Todd Lipcon commented on KUDU-1976:
-----------------------------------

I saw this again in another precommit, also in the Java tests. I wrote a simple bash script to test addprinc/kinit/delprinc in a loop and I can't seem to repro a race (at least on ubuntu 16). Looking at the code I also don't see any "caching" involved. It also seems funny that we've only seen this in the Java tests and not the C++ ones.

> MiniKdc races between add_principal and kinit
> ---------------------------------------------
>
>                 Key: KUDU-1976
>                 URL: https://issues.apache.org/jira/browse/KUDU-1976
>             Project: Kudu
>          Issue Type: Bug
>          Components: java, test
>    Affects Versions: 1.4.0
>            Reporter: Adar Dembo
>
> Noticed this in a recent precommit run, in ASAN mode, but I recall seeing it before too. I think it happens from time to time.
> {noformat}
> 02:36:16.240 [DEBUG - main] (MiniKdc.java:339) executing '/usr/sbin/kadmin.local -q add_principal -pw testuser testuser', env: '...'
> 02:36:16.268 [DEBUG - main] (MiniKdc.java:363) WARNING: no policy specified for testuser@KRBTEST.COM; defaulting to no policy
> 02:36:16.269 [DEBUG - main] (MiniKdc.java:363) Authenticating as principal jenkins-slave/admin@KRBTEST.COM with password.
> 02:36:16.269 [DEBUG - main] (MiniKdc.java:363) Principal "testuser@KRBTEST.COM" created.
> 02:36:16.274 [DEBUG - main] (MiniKdc.java:339) executing '/usr/bin/kinit testuser', env: '...'
> 02:36:16.277 [DEBUG - main] (MiniKdc.java:363) kinit: Client 'testuser@KRBTEST.COM' not found in Kerberos database while getting initial credentials
> {noformat}
> I wonder why the kinit doesn't take immediately. I went looking for a "sync" option for the KDC but couldn't find one; perhaps it's a bug in the version of the KDC used in the test environment? (Ubuntu 14.04 IIRC).
> If there's no such thing, maybe we should retry kinit with some backoff until it works (or fails for good).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)