You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by "Anton Gozhiy (JIRA)" <ji...@apache.org> on 2019/01/22 11:05:00 UTC
[jira] [Created] (DRILL-6991) Kerberos ticket is being dumped in the log if log level is "debug" for stdout

Anton Gozhiy created DRILL-6991:
-----------------------------------

             Summary: Kerberos ticket is being dumped in the log if log level is "debug" for stdout 
                 Key: DRILL-6991
                 URL: https://issues.apache.org/jira/browse/DRILL-6991
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.15.0
            Reporter: Anton Gozhiy


*Prerequisites:*
 # Drill is installed on cluster with Kerberos security
 # Into conf/logback.xml, set the following log level:
{code:xml}
  <root>
    <level value="debug" />
    <appender-ref ref="STDOUT" />
  </root>
{code}

*Steps:*
# Start Drill
# Connect using sqlline using the following string:
{noformat}
bin/sqlline -u "jdbc:drill:zk=<zk server>;principal=<kerberos principal>"
{noformat}

*Expected result:*
No sensitive information should be displayed

*Actual result:*
Kerberos  ticket and session key are being dumped into console output:
{noformat}
14:35:38.806 [TGT Renewer for mapr/node1.cluster.com@NODE1] DEBUG o.a.h.security.UserGroupInformation - Found tgt Ticket (hex) = 
0000: 61 82 01 3D 30 82 01 39   A0 03 02 01 05 A1 07 1B  a..=0..9........
0010: 05 4E 4F 44 45 31 A2 1A   30 18 A0 03 02 01 02 A1  .NODE1..0.......
0020: 11 30 0F 1B 06 6B 72 62   74 67 74 1B 05 4E 4F 44  .0...krbtgt..NOD
0030: 45 31 A3 82 01 0B 30 82   01 07 A0 03 02 01 12 A1  E1....0.........
0040: 03 02 01 01 A2 81 FA 04   81 F7 03 8D A9 FA 7D 89  ................
0050: 1B DF 37 B7 4D E6 6C 99   3E 8F FA 48 D9 9A 79 F3  ..7.M.l.>..H..y.
0060: 92 34 7F BF 67 1E 77 4A   2F C9 AF 82 93 4E 46 1D  .4..g.wJ/....NF.
0070: 41 74 B0 AF 41 A8 8B 02   71 83 CC 14 51 72 60 EE  At..A...q...Qr`.
0080: 29 67 14 F0 A6 33 63 07   41 AA 8D DC 7B 5B 41 F3  )g...3c.A....[A.
0090: 83 48 8B 2A 0B 4D 6D 57   9A 6E CF 6B DC 0B C0 D1  .H.*.MmW.n.k....
00A0: 83 BB 27 40 88 7E 9F 2B   D1 FD A8 6A E1 BF F6 CC  ..'@...+...j....
00B0: 0E 0C FB 93 5D 69 9A 8B   11 88 0C F2 7C E1 FD 04  ....]i..........
00C0: F5 AB 66 0C A4 A4 7B 30   D1 7F F1 2D D6 A1 52 D1  ..f....0...-..R.
00D0: 79 59 F2 06 CB 65 FB 73   63 1D 5B E9 4F 28 73 EB  yY...e.sc.[.O(s.
00E0: 72 7F 04 46 34 56 F4 40   6C C0 2C 39 C0 5B C6 25  r..F4V.@l.,9.[.%
00F0: ED EF 64 07 CE ED 35 9D   D7 91 6C 8F C9 CE 16 F5  ..d...5...l.....
0100: CA 5E 6F DE 08 D2 68 30   C7 03 97 E7 C0 FF D9 52  .^o...h0.......R
0110: F8 1D 2F DB 63 6D 12 4A   CD 60 AD D0 BA FA 4B CF  ../.cm.J.`....K.
0120: 2C B9 8C CA 5A E6 EC 10   5A 0A 1F 84 B0 80 BD 39  ,...Z...Z......9
0130: 42 2C 33 EB C0 AA 0D 44   F0 F4 E9 87 24 43 BB 9A  B,3....D....$C..
0140: 52                                                 R

Client Principal = mapr/node1.cluster.com@NODE1
Server Principal = krbtgt/NODE1@NODE1
Session Key = EncryptionKey: keyType=18 keyBytes (hex dump)=
0000: 50 DA D1 D7 91 D3 64 BE   45 7B D8 02 25 81 18 25  P.....d.E...%..%
0010: DA 59 4F BA 76 67 BB 39   9C F7 17 46 A7 C5 00 E2  .YO.vg.9...F....
{noformat}




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)