ambari-dev mailing list archives

From "Eugene Chekanskiy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-4809) Allow Falcon to be configured with keytab/security and custom params
Date Mon, 24 Feb 2014 18:39:21 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910625#comment-13910625
] 

Eugene Chekanskiy commented on AMBARI-4809:
-------------------------------------------

Added two separate configs: falcon-runtime-site and falcon-startup-site. This will allow us to
configure Falcon in secure mode with simple auth or Kerberos. Also, we can add some custom
properties to these configs. The patch is under testing; Falcon starts in Kerberos mode but throws
the following exception when I try to run "falcon version":
{noformat}
2014-02-24 17:28:12,769  Authentication exception: GSSException: Failure unspecified at GSS-API
level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt
AP REP - AES256 CTS mode with HMAC SHA1-96)
org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Failure
unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of
appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)
	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:360)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:349)
	at org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.Server.handle(Server.java:326)
	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
	at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
	at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument
(400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC
SHA1-96)
	at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
	at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
	at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:327)
	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:309)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:415)
	at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:309)
	... 17 more
Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt
AP REP - AES256 CTS mode with HMAC SHA1-96
	at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:273)
	at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
	at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
	at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
	... 28 more
{noformat}

> Allow Falcon to be configured with keytab/security and custom params
> --------------------------------------------------------------------
>
>                 Key: AMBARI-4809
>                 URL: https://issues.apache.org/jira/browse/AMBARI-4809
>             Project: Ambari
>          Issue Type: Bug
>          Components: controller
>    Affects Versions: 1.5.0
>            Reporter: Eugene Chekanskiy
>            Assignee: Eugene Chekanskiy
>             Fix For: 1.5.0
>
>         Attachments: AMBARI-4809.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
