ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-9742) Kerberos: fails when entering admin principal with blank password
Date Mon, 23 Feb 2015 00:38:11 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-9742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Levas updated AMBARI-9742:
---------------------------------
    Attachment: AMBARI-9742_01.patch

* Added code to prevent missing or blank parts of the administrator credentials.

Patch File [^AMBARI-9742_01.patch]

> Kerberos: fails when entering admin principal with blank password 
> ------------------------------------------------------------------
>
>                 Key: AMBARI-9742
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9742
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9742_01.patch
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Note: I don't believe the below is specific to add host, but related to the prompting
and how the set admin cred works in case of a blank password. I hit this during testing of
add host though.
> - install cluster, kerberize
> - add host (be sure to use a new browser so you know it will prompt for kerb admin credentials)
> - got to the review part of add host, click deploy
> - prompted for admin creds (as expected)
> - tried messing around by putting in bad creds and that seemed to work...
> - expect when I put in the right admin cred principal name (admin/admin) but a blank
password. I was surprised it allowed me to click save (because the password field was blank)
> - so I click save, dialog disappears and I am cannot get it to re-prompt.
> - this is what it PUT and the response was blank...
>  
> {code}
> [{"session_attributes":{"kerberos_admin":{"principal":"admin/admin","password":""}}}]:
> Response Headersview source
> {code}
> in ambari-server.log, nothing
> {code}
> 17:58:05,860  INFO [qtp1257282095-603] AmbariManagementControllerImpl:1171 - Received
a updateCluster request, clusterId=2, clusterName=MyCluster, securityType=null, request={
clusterName=MyCluster, clusterId=2, provisioningState=null, securityType=null, stackVersion=HDP-2.2,
desired_scv=null, hosts=[] }
> {code}
> - back in wizard doesn't solve it. had to completely exit wizard and ambari web to start
again
> The overall issue is how the credentials are being validated.  If no password is being
set, the command to test the credentials when using a MIT KDC generates the following command:
> {code}
> kadmin -p admin/admin -w "" -r EXAMPLE.COM -q 'get_principal admin/admin'
> {code}
> The empty password ({{-w ""}}) in the command creates an interactive session where the
command is waiting for data on STDIN, thus hanging the process.
> An empty password should not cause the same behavior when using Active Directory.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message