Return-Path: X-Original-To: apmail-ambari-dev-archive@www.apache.org Delivered-To: apmail-ambari-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8240F17F18 for ; Mon, 23 Feb 2015 00:38:12 +0000 (UTC) Received: (qmail 38841 invoked by uid 500); 23 Feb 2015 00:38:12 -0000 Delivered-To: apmail-ambari-dev-archive@ambari.apache.org Received: (qmail 38795 invoked by uid 500); 23 Feb 2015 00:38:12 -0000 Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list dev@ambari.apache.org Received: (qmail 38783 invoked by uid 99); 23 Feb 2015 00:38:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Feb 2015 00:38:12 +0000 Date: Mon, 23 Feb 2015 00:38:11 +0000 (UTC) From: "Robert Levas (JIRA)" To: dev@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (AMBARI-9742) Kerberos: fails when entering admin principal with blank password MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AMBARI-9742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Levas updated AMBARI-9742: --------------------------------- Attachment: AMBARI-9742_01.patch * Added code to prevent missing or blank parts of the administrator credentials. Patch File [^AMBARI-9742_01.patch] > Kerberos: fails when entering admin principal with blank password > ------------------------------------------------------------------ > > Key: AMBARI-9742 > URL: https://issues.apache.org/jira/browse/AMBARI-9742 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.0.0 > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Critical > Labels: kerberos > Fix For: 2.0.0 > > Attachments: AMBARI-9742_01.patch > > Original Estimate: 2h > Remaining Estimate: 2h > > Note: I don't believe the below is specific to add host, but related to the prompting and how the set admin cred works in case of a blank password. I hit this during testing of add host though. > - install cluster, kerberize > - add host (be sure to use a new browser so you know it will prompt for kerb admin credentials) > - got to the review part of add host, click deploy > - prompted for admin creds (as expected) > - tried messing around by putting in bad creds and that seemed to work... > - expect when I put in the right admin cred principal name (admin/admin) but a blank password. I was surprised it allowed me to click save (because the password field was blank) > - so I click save, dialog disappears and I am cannot get it to re-prompt. > - this is what it PUT and the response was blank... > > {code} > [{"session_attributes":{"kerberos_admin":{"principal":"admin/admin","password":""}}}]: > Response Headersview source > {code} > in ambari-server.log, nothing > {code} > 17:58:05,860 INFO [qtp1257282095-603] AmbariManagementControllerImpl:1171 - Received a updateCluster request, clusterId=2, clusterName=MyCluster, securityType=null, request={ clusterName=MyCluster, clusterId=2, provisioningState=null, securityType=null, stackVersion=HDP-2.2, desired_scv=null, hosts=[] } > {code} > - back in wizard doesn't solve it. had to completely exit wizard and ambari web to start again > The overall issue is how the credentials are being validated. If no password is being set, the command to test the credentials when using a MIT KDC generates the following command: > {code} > kadmin -p admin/admin -w "" -r EXAMPLE.COM -q 'get_principal admin/admin' > {code} > The empty password ({{-w ""}}) in the command creates an interactive session where the command is waiting for data on STDIN, thus hanging the process. > An empty password should not cause the same behavior when using Active Directory. -- This message was sent by Atlassian JIRA (v6.3.4#6332)