flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Till Rohrmann (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FLINK-5055) Security feature crashes JM for certain Hadoop versions even though using no Kerberos
Date Fri, 11 Nov 2016 13:51:58 GMT
Till Rohrmann created FLINK-5055:
------------------------------------

             Summary: Security feature crashes JM for certain Hadoop versions even though
using no Kerberos
                 Key: FLINK-5055
                 URL: https://issues.apache.org/jira/browse/FLINK-5055
             Project: Flink
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.2.0
            Reporter: Till Rohrmann
            Priority: Critical
             Fix For: 1.2.0


A user reported [1] that the {{JobManager}} does not start when using Flink with Hadoop-2.7.0-mapr-1607
and no security activated because of 
{code}
javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication
        at com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:841)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:704)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
{code}

It seems that this Hadoop version always tries to login via Kerberos even though the user
did not activate it and, thus, should use {{AuthenticationMode.SIMPLE}}.

I'm not really familiar with the security feature, but my understanding is that it should
not have any effect on Flink when not activated. I might be wrong here, but if not, then we
should fix this problem for 1.2.0 because it prevents people from using Flink.

[1] http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-using-Yarn-on-MapR-td14484.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message