You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Robert Kanter (JIRA)" <ji...@apache.org> on 2012/10/04 21:21:47 UTC
[jira] [Created] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Robert Kanter created HADOOP-8883:
-------------------------------------
Summary: Anonymous fallback in KerberosAuthenticator is broken
Key: HADOOP-8883
URL: https://issues.apache.org/jira/browse/HADOOP-8883
Project: Hadoop Common
Issue Type: Bug
Affects Versions: 2.0.3-alpha
Reporter: Robert Kanter
Assignee: Robert Kanter
Priority: Minor
Fix For: 2.0.3-alpha
HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8883:
---------------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
Thanks Robert. Committed to trunk and branch-2.
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477840#comment-13477840 ]
Hudson commented on HADOOP-8883:
--------------------------------
Integrated in Hadoop-Hdfs-trunk #1198 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1198/])
HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu) (Revision 1398895)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1398895
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477771#comment-13477771 ]
Hudson commented on HADOOP-8883:
--------------------------------
Integrated in Hadoop-Yarn-trunk #6 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/6/])
HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu) (Revision 1398895)
Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1398895
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477869#comment-13477869 ]
Hudson commented on HADOOP-8883:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk #1228 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1228/])
HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu) (Revision 1398895)
Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1398895
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13471763#comment-13471763 ]
Hadoop QA commented on HADOOP-8883:
-----------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12548267/HADOOP-8883.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author tags.
{color:green}+1 tests included{color}. The patch appears to include 2 new or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in hadoop-common-project/hadoop-auth.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1574//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1574//console
This message is automatically generated.
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Minor
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Robert Kanter (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Kanter updated HADOOP-8883:
----------------------------------
Priority: Major (was: Minor)
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Robert Kanter (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Kanter updated HADOOP-8883:
----------------------------------
Attachment: HADOOP-8883.patch
JDK SPNEGO puts the "Authorization" header in the request, so we can check that in the if statement that was added in HADOOP-8855.
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Minor
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477204#comment-13477204 ]
Hudson commented on HADOOP-8883:
--------------------------------
Integrated in Hadoop-trunk-Commit #2871 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/2871/])
HADOOP-8883. Anonymous fallback in KerberosAuthenticator is broken. (rkanter via tucu) (Revision 1398895)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1398895
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Robert Kanter (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13471824#comment-13471824 ]
Robert Kanter commented on HADOOP-8883:
---------------------------------------
By the way, Jenkins didn't test it (because its not configured with Kerberos?), but I checked that all tests in {{org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator}} pass.
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Minor
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Robert Kanter (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Kanter updated HADOOP-8883:
----------------------------------
Status: Patch Available (was: Open)
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Minor
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8883) Anonymous fallback in
KerberosAuthenticator is broken
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477074#comment-13477074 ]
Alejandro Abdelnur commented on HADOOP-8883:
--------------------------------------------
+1
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already; but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira