You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2012/09/11 02:25:07 UTC
[jira] [Created] (HADOOP-8787) KerberosAuthenticationHandler should
include missing property names in configuration
Todd Lipcon created HADOOP-8787:
-----------------------------------
Summary: KerberosAuthenticationHandler should include missing property names in configuration
Key: HADOOP-8787
URL: https://issues.apache.org/jira/browse/HADOOP-8787
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 2.0.1-alpha, 1.0.3, 3.0.0
Reporter: Todd Lipcon
Priority: Minor
Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454941#comment-13454941 ]
Hadoop QA commented on HADOOP-8787:
-----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12544989/HADOOP-8787-3.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 2 new or modified test files.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1452//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1452//console
This message is automatically generated.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch, HADOOP-8787-2.patch, HADOOP-8787-3.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453575#comment-13453575 ]
Ted Malaska commented on HADOOP-8787:
-------------------------------------
Hmm, this is an interesting JIRA. The problem is really simple, but being my first Hadoop JIRA I'm not sure the right course of action.
I have the following options:
1. Throw nested exceptions: The outer exception will have the prefix "dfs.web.authentication.kerberos.principal" and the inner exception will have the root config "kerberos.principal". I know if I was a user I wouldn't like this option.
2. Instead of striping off the prefixes I could pass the prefix into the init method of the AuthenicationHandler. That way I would have the full string to build the original exception message. However I assume someone found value in striping off those prefixes.
3. I could pass in the prefix to the handler so the solo reason of constructing the exception message. This option doesn't smell right.
4. I could read the exception message in the AuthenticationFilter and add the prefix, but that seems like a hack.
So I think I'm going to go with option 2. If anyone can think of a better option place let me know.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8787) KerberosAuthenticationHandler should
include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Malaska updated HADOOP-8787:
--------------------------------
Attachment: HADOOP-8787-2.patch
This is an implementation of option 1.
I need to review with the hadoop team tomorrow to ask for direction. I'm not sure which option is best for this JIRA.
Things included in this patch:
1. Nested exception message that give the user information about which proporties are causing the problem.
2. It fixed the security null in the case of a prefix bug.
3. It includes a new test for the security null in the case of a prefix bug.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch, HADOOP-8787-2.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453660#comment-13453660 ]
Hadoop QA commented on HADOOP-8787:
-----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12544748/HADOOP-8787-2.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 2 new or modified test files.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1439//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1439//console
This message is automatically generated.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch, HADOOP-8787-2.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453423#comment-13453423 ]
Ted Malaska commented on HADOOP-8787:
-------------------------------------
(8 to 1) That's a B+.
I didn't make a junit because I just changed an exception message. Let me know if you want me to make a test for this.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8787) KerberosAuthenticationHandler should
include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Malaska updated HADOOP-8787:
--------------------------------
Attachment: HADOOP-8787-3.patch
Applied changed based on review.
Major changes:
1. KerberosAuthenticationHandler now can get config_prefix from properties.
2. AuthenticationFilter.getConfiguration will now put the config_prefix into the newly created properties object
3. Also added additional tests to test KerberosAuthenticationHandler new exceptions.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch, HADOOP-8787-2.patch, HADOOP-8787-3.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454880#comment-13454880 ]
Ted Malaska commented on HADOOP-8787:
-------------------------------------
Cool. Thanks Alejandro. I will get a updated patch soon.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch, HADOOP-8787-2.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454650#comment-13454650 ]
Alejandro Abdelnur commented on HADOOP-8787:
--------------------------------------------
Ted,
----
On AuthenticationFilter.
{code}
if (configPrefix.isEmpty()) {
errorMessage = "Unable to init AuthenticationHandler because of the following exception.";
} else {
errorMessage = "Unable to init AuthenticationHandler of '" + configPrefix + "*' properties because of the following exception.";
}
throw new ServletException(errorMessage, ex);
{code}
I'd do:
{code}
errorMessage = "Unable to init AuthenticationHandler";
if (!configPrefix.isEmpty()) {
errorMessage += " with '" + configPrefix + "*' properties";
}
throw new ServletException(errorMessage + ": " + ex.getMessage(), ex);
{code}
----
On
{code}
LOG.warn("'" + configPrefix + "signature.secret' configuration not set, using a random value as secret");
{code}
use the {{SIGNATURE_SECRET}} constant instead.
----
On the {{AuthenticatorFilter.getConfiguration()}} method I would add the {{configPrefix}} as a 'config.prefix' property in the {{Properties}} object.
This will allow you to generate the full property name in the exception thrown from the KerberosAuthenticatorHandler. -------
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch, HADOOP-8787-2.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8787) KerberosAuthenticationHandler should
include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Malaska updated HADOOP-8787:
--------------------------------
Attachment: HADOOP-8787-1.patch
Added a single quote that I missed.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8787) KerberosAuthenticationHandler should
include missing property names in configuration
Posted by "Aaron T. Myers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8787:
-----------------------------------
Assignee: Ted Malaska
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453583#comment-13453583 ]
Ted Malaska commented on HADOOP-8787:
-------------------------------------
No option 2 is no good it will require more wide changes. This being my first JIRA I wish to keep the changes to a minimal.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453531#comment-13453531 ]
Ted Malaska commented on HADOOP-8787:
-------------------------------------
Thank you Todd, I didn't see that. I will get an updated patch soon.
Also after reviewing the init method in AuthenticationFilter, I have a question about line 154
Line 154 looks like it will never return the config value for SIGNATURE_SECRET. Because it follows line 129.
129 Properties config = getConfiguration(configPrefix, filterConfig);
154 String signatureSecret = config.getProperty(configPrefix + SIGNATURE_SECRET);
I'm going to make a test to check to see if signature secret is getting populated in the case of a prefix.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453422#comment-13453422 ]
Hadoop QA commented on HADOOP-8787:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12544705/HADOOP-8787-1.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1438//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1438//console
This message is automatically generated.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8787) KerberosAuthenticationHandler should
include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Malaska updated HADOOP-8787:
--------------------------------
Attachment: HADOOP-8787-0.patch
Change exception message for to include the name of the property that is missing.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Ted Malaska (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453557#comment-13453557 ]
Ted Malaska commented on HADOOP-8787:
-------------------------------------
Confirmed through junits that the trunk code will give a random secret when ever a config.prefix is used.
I will include that fix into my patch
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8787) KerberosAuthenticationHandler should
include missing property names in configuration
Posted by "Aaron T. Myers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8787:
-----------------------------------
Target Version/s: 2.0.3-alpha
Status: Patch Available (was: Open)
Marking patch available for Ted so that test-patch runs.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.1-alpha, 1.0.3, 3.0.0
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8787) KerberosAuthenticationHandler
should include missing property names in configuration
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453442#comment-13453442 ]
Todd Lipcon commented on HADOOP-8787:
-------------------------------------
Thanks for looking at this, Ted. I don't think the patch is quite sufficient, because the variables you've interpolated are missing the 'prefix' that is actually in the hadoop configuration. ie it will just print "kerberos.principal" is missing, rather than the full one like "dfs.web.authentication.kerberos.principal". You'll have to plumb the prefix through from AuthenticationFilter somehow to get the proper error message.
> KerberosAuthenticationHandler should include missing property names in configuration
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-8787
> URL: https://issues.apache.org/jira/browse/HADOOP-8787
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 3.0.0, 2.0.1-alpha
> Reporter: Todd Lipcon
> Assignee: Ted Malaska
> Priority: Minor
> Labels: newbie
> Attachments: HADOOP-8787-0.patch, HADOOP-8787-1.patch
>
>
> Currently, if the spnego keytab is missing from the configuration, the user gets an error like: "javax.servlet.ServletException: Principal not defined in configuration". This should be augmented to actually show the configuration variable which is missing. Otherwise it is hard for a user to know what to fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira