accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ACCUMULO-3690) Unintended limitations on tracer host WRT kerberos principal
Date Fri, 20 Mar 2015 17:09:38 GMT

     [ https://issues.apache.org/jira/browse/ACCUMULO-3690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Josh Elser updated ACCUMULO-3690:
---------------------------------
    Description: 
[~billie.rinaldi] noticed a problem while testing out some Kerberos stuff. The monitor performs
a login using {{general.kerberos.*}}, but then tries to get a connector as the trace user
which is guaranteed to fail when general.kerberos.principal doesn't match up with the tracer's
principal.

For example, the Monitor can only fetch traces when tracer is same principal. Similarly, the
trace server logs in with general.kerberos.keytab, but then tries to use trace.user to make
a connector which will only work when the two are the same.

  was:[~billie.rinaldi] noticed a problem while testing out some Kerberos stuff. The monitor
performs a login using {{general.kerberos.*}}, but then tries to get a connector as the trace
user which is guaranteed to fail when general.kerberos.principal doesn't match up with the
tracer's principal.


> Unintended limitations on tracer host WRT kerberos principal
> ------------------------------------------------------------
>
>                 Key: ACCUMULO-3690
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3690
>             Project: Accumulo
>          Issue Type: Bug
>          Components: monitor, trace
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.7.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> [~billie.rinaldi] noticed a problem while testing out some Kerberos stuff. The monitor
performs a login using {{general.kerberos.*}}, but then tries to get a connector as the trace
user which is guaranteed to fail when general.kerberos.principal doesn't match up with the
tracer's principal.
> For example, the Monitor can only fetch traces when tracer is same principal. Similarly,
the trace server logs in with general.kerberos.keytab, but then tries to use trace.user to
make a connector which will only work when the two are the same.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message