You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/02/22 23:51:11 UTC

[jira] [Created] (AMBARI-9742) Kerberos: fails when entering admin principal with blank password

Robert Levas created AMBARI-9742:
------------------------------------

             Summary: Kerberos: fails when entering admin principal with blank password 
                 Key: AMBARI-9742
                 URL: https://issues.apache.org/jira/browse/AMBARI-9742
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
            Priority: Critical
             Fix For: 2.0.0


Note: I don't believe the below is specific to add host, but related to the prompting and how the set admin cred works in case of a blank password. I hit this during testing of add host though.

- install cluster, kerberize
- add host (be sure to use a new browser so you know it will prompt for kerb admin credentials)
- got to the review part of add host, click deploy
- prompted for admin creds (as expected)
- tried messing around by putting in bad creds and that seemed to work...
- expect when I put in the right admin cred principal name (admin/admin) but a blank password. I was surprised it allowed me to click save (because the password field was blank)
- so I click save, dialog disappears and I am cannot get it to re-prompt.
- this is what it PUT and the response was blank...
 
{code}
[{"session_attributes":{"kerberos_admin":{"principal":"admin/admin","password":""}}}]:
Response Headersview source
{code}

in ambari-server.log, nothing

{code}
17:58:05,860  INFO [qtp1257282095-603] AmbariManagementControllerImpl:1171 - Received a updateCluster request, clusterId=2, clusterName=MyCluster, securityType=null, request={ clusterName=MyCluster, clusterId=2, provisioningState=null, securityType=null, stackVersion=HDP-2.2, desired_scv=null, hosts=[] }
{code}

- back in wizard doesn't solve it. had to completely exit wizard and ambari web to start again

The overall issue is how the credentials are being validated.  If no password is being set, the command to test the credentials when using a MIT KDC generates the following command:
{code}
kadmin -p admin/admin -w "" -r EXAMPLE.COM -q 'get_principal admin/admin'
{code}

The empty password ({{-w ""}}) in the command creates an interactive session where the command is waiting for data on STDIN, thus hanging the process.

This most likely does not affect an Active Directory scenario.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)