ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Speidel" <jspei...@hortonworks.com>
Subject Re: Review Request 31292: Kerberos: fails when entering admin principal with blank password
Date Mon, 23 Feb 2015 15:35:39 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31292/#review73571
-----------------------------------------------------------

Ship it!



ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
<https://reviews.apache.org/r/31292/#comment119969>

    is it valid for the admin credentials to be null?
    Seems that this should result in an exception being thrown.



ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
<https://reviews.apache.org/r/31292/#comment119968>

    misleading error message.
    Should say something like, "Must specify either a password or a keytab but both are null"


- John Speidel


On Feb. 23, 2015, 2:09 a.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31292/
> -----------------------------------------------------------
> 
> (Updated Feb. 23, 2015, 2:09 a.m.)
> 
> 
> Review request for Ambari, John Speidel and Robert Nettleton.
> 
> 
> Bugs: AMBARI-9742
>     https://issues.apache.org/jira/browse/AMBARI-9742
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Note: I don't believe the below is specific to add host, but related to the prompting
and how the set admin cred works in case of a blank password. I hit this during testing of
add host though.
> 
> - install cluster, kerberize
> - add host (be sure to use a new browser so you know it will prompt for kerb admin credentials)
> - got to the review part of add host, click deploy
> - prompted for admin creds (as expected)
> - tried messing around by putting in bad creds and that seemed to work...
> - expect when I put in the right admin cred principal name (admin/admin) but a blank
password. I was surprised it allowed me to click save (because the password field was blank)
> - so I click save, dialog disappears and I am cannot get it to re-prompt.
> - this is what it PUT and the response was blank...
>  
> ```
> [{"session_attributes":{"kerberos_admin":{"principal":"admin/admin","password":""}}}]:
> Response Headersview source
> ```
> 
> in ambari-server.log, nothing
> 
> ```
> 17:58:05,860  INFO [qtp1257282095-603] AmbariManagementControllerImpl:1171 - Received
a updateCluster request, clusterId=2, clusterName=MyCluster, securityType=null, request={
clusterName=MyCluster, clusterId=2, provisioningState=null, securityType=null, stackVersion=HDP-2.2,
desired_scv=null, hosts=[] }
> ```
> 
> - back in wizard doesn't solve it. had to completely exit wizard and ambari web to start
again
> 
> The overall issue is how the credentials are being validated.  If no password is being
set, the command to test the credentials when using a MIT KDC generates the following command:
> ```
> kadmin -p admin/admin -w "" -r EXAMPLE.COM -q 'get_principal admin/admin'
> ```
> 
> The empty password (`-w ""`) in the command creates an interactive session where the
command is waiting for data on STDIN, thus hanging the process.
> 
> An empty password should not cause the same behavior when using Active Directory.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
9d41691 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
f4551d2 
> 
> Diff: https://reviews.apache.org/r/31292/diff/
> 
> 
> Testing
> -------
> 
> Manually tested in cluster
> 
> #Jenkins test results:
> Running org.apache.ambari.server.serveraction.kerberos.MITKerberosOperationHandlerTest
> Tests run: 24, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.838 sec
> 
> Running org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest
> Tests run: 24, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 1.131 sec
> 
> Ambari server test suite
> Tests run: 2734, Failures: 0, Errors: 0, Skipped: 15
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:07 h
> [INFO] Finished at: 2015-02-23T01:58:43+00:00
> [INFO] Final Memory: 43M/473M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message