ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-9742) Kerberos: fails when entering admin principal with blank password
Date Mon, 23 Feb 2015 01:59:11 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-9742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14332481#comment-14332481
] 

Hadoop QA commented on AMBARI-9742:
-----------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12700127/AMBARI-9742_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in ambari-server.

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/1766//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/1766//console

This message is automatically generated.

> Kerberos: fails when entering admin principal with blank password 
> ------------------------------------------------------------------
>
>                 Key: AMBARI-9742
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9742
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9742_01.patch
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Note: I don't believe the below is specific to add host, but related to the prompting
and how the set admin cred works in case of a blank password. I hit this during testing of
add host though.
> - install cluster, kerberize
> - add host (be sure to use a new browser so you know it will prompt for kerb admin credentials)
> - got to the review part of add host, click deploy
> - prompted for admin creds (as expected)
> - tried messing around by putting in bad creds and that seemed to work...
> - expect when I put in the right admin cred principal name (admin/admin) but a blank
password. I was surprised it allowed me to click save (because the password field was blank)
> - so I click save, dialog disappears and I am cannot get it to re-prompt.
> - this is what it PUT and the response was blank...
>  
> {code}
> [{"session_attributes":{"kerberos_admin":{"principal":"admin/admin","password":""}}}]:
> Response Headersview source
> {code}
> in ambari-server.log, nothing
> {code}
> 17:58:05,860  INFO [qtp1257282095-603] AmbariManagementControllerImpl:1171 - Received
a updateCluster request, clusterId=2, clusterName=MyCluster, securityType=null, request={
clusterName=MyCluster, clusterId=2, provisioningState=null, securityType=null, stackVersion=HDP-2.2,
desired_scv=null, hosts=[] }
> {code}
> - back in wizard doesn't solve it. had to completely exit wizard and ambari web to start
again
> The overall issue is how the credentials are being validated.  If no password is being
set, the command to test the credentials when using a MIT KDC generates the following command:
> {code}
> kadmin -p admin/admin -w "" -r EXAMPLE.COM -q 'get_principal admin/admin'
> {code}
> The empty password ({{-w ""}}) in the command creates an interactive session where the
command is waiting for data on STDIN, thus hanging the process.
> An empty password should not cause the same behavior when using Active Directory.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message