You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by "Anton Gozhiy (JIRA)" <ji...@apache.org> on 2019/01/22 11:05:00 UTC
[jira] [Created] (DRILL-6991) Kerberos ticket is being dumped in
the log if log level is "debug" for stdout
Anton Gozhiy created DRILL-6991:
-----------------------------------
Summary: Kerberos ticket is being dumped in the log if log level is "debug" for stdout
Key: DRILL-6991
URL: https://issues.apache.org/jira/browse/DRILL-6991
Project: Apache Drill
Issue Type: Bug
Affects Versions: 1.15.0
Reporter: Anton Gozhiy
*Prerequisites:*
# Drill is installed on cluster with Kerberos security
# Into conf/logback.xml, set the following log level:
{code:xml}
<root>
<level value="debug" />
<appender-ref ref="STDOUT" />
</root>
{code}
*Steps:*
# Start Drill
# Connect using sqlline using the following string:
{noformat}
bin/sqlline -u "jdbc:drill:zk=<zk server>;principal=<kerberos principal>"
{noformat}
*Expected result:*
No sensitive information should be displayed
*Actual result:*
Kerberos ticket and session key are being dumped into console output:
{noformat}
14:35:38.806 [TGT Renewer for mapr/node1.cluster.com@NODE1] DEBUG o.a.h.security.UserGroupInformation - Found tgt Ticket (hex) =
0000: 61 82 01 3D 30 82 01 39 A0 03 02 01 05 A1 07 1B a..=0..9........
0010: 05 4E 4F 44 45 31 A2 1A 30 18 A0 03 02 01 02 A1 .NODE1..0.......
0020: 11 30 0F 1B 06 6B 72 62 74 67 74 1B 05 4E 4F 44 .0...krbtgt..NOD
0030: 45 31 A3 82 01 0B 30 82 01 07 A0 03 02 01 12 A1 E1....0.........
0040: 03 02 01 01 A2 81 FA 04 81 F7 03 8D A9 FA 7D 89 ................
0050: 1B DF 37 B7 4D E6 6C 99 3E 8F FA 48 D9 9A 79 F3 ..7.M.l.>..H..y.
0060: 92 34 7F BF 67 1E 77 4A 2F C9 AF 82 93 4E 46 1D .4..g.wJ/....NF.
0070: 41 74 B0 AF 41 A8 8B 02 71 83 CC 14 51 72 60 EE At..A...q...Qr`.
0080: 29 67 14 F0 A6 33 63 07 41 AA 8D DC 7B 5B 41 F3 )g...3c.A....[A.
0090: 83 48 8B 2A 0B 4D 6D 57 9A 6E CF 6B DC 0B C0 D1 .H.*.MmW.n.k....
00A0: 83 BB 27 40 88 7E 9F 2B D1 FD A8 6A E1 BF F6 CC ..'@...+...j....
00B0: 0E 0C FB 93 5D 69 9A 8B 11 88 0C F2 7C E1 FD 04 ....]i..........
00C0: F5 AB 66 0C A4 A4 7B 30 D1 7F F1 2D D6 A1 52 D1 ..f....0...-..R.
00D0: 79 59 F2 06 CB 65 FB 73 63 1D 5B E9 4F 28 73 EB yY...e.sc.[.O(s.
00E0: 72 7F 04 46 34 56 F4 40 6C C0 2C 39 C0 5B C6 25 r..F4V.@l.,9.[.%
00F0: ED EF 64 07 CE ED 35 9D D7 91 6C 8F C9 CE 16 F5 ..d...5...l.....
0100: CA 5E 6F DE 08 D2 68 30 C7 03 97 E7 C0 FF D9 52 .^o...h0.......R
0110: F8 1D 2F DB 63 6D 12 4A CD 60 AD D0 BA FA 4B CF ../.cm.J.`....K.
0120: 2C B9 8C CA 5A E6 EC 10 5A 0A 1F 84 B0 80 BD 39 ,...Z...Z......9
0130: 42 2C 33 EB C0 AA 0D 44 F0 F4 E9 87 24 43 BB 9A B,3....D....$C..
0140: 52 R
Client Principal = mapr/node1.cluster.com@NODE1
Server Principal = krbtgt/NODE1@NODE1
Session Key = EncryptionKey: keyType=18 keyBytes (hex dump)=
0000: 50 DA D1 D7 91 D3 64 BE 45 7B D8 02 25 81 18 25 P.....d.E...%..%
0010: DA 59 4F BA 76 67 BB 39 9C F7 17 46 A7 C5 00 E2 .YO.vg.9...F....
{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)