hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaraj Das (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8251) SecurityUtil.fetchServiceTicket broken after HADOOP-6941
Date Fri, 06 Apr 2012 04:55:19 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13248052#comment-13248052

Devaraj Das commented on HADOOP-8251:

Excellent catch, Todd! 

Could you please address the IBM code patch as well. I did a quick check again on the JDK
I have:
java version "1.6.0"
Java(TM) SE Runtime Environment (build pxi3260sr10-20111208_01(SR10))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260sr10-20111207_96808 (JIT
enabled, AOT enabled)
J9VM - 20111207_096808
JIT  - r9_20111107_21307ifx1
GC   - 20110519_AA)
JCL  - 20111104_02, 

It seems Krb5Util is there. Also, the methods we are interested in seems to be there.

The jar that contains the Krb5Util.class is ibmjgssprovider.jar in the JDK. 

The output of javap on the extracted class is:

Compiled from "Krb5Util.java"
public class com.ibm.security.jgss.mech.krb5.Krb5Util extends java.lang.Object{
    public static javax.security.auth.kerberos.KerberosTicket getTicketFromSubjectAndTgs(int,
java.lang.String, java.lang.String, java.lang.String, java.security.AccessControlContext)
      throws javax.security.auth.login.LoginException, com.ibm.security.krb5.KrbException,
    static javax.security.auth.kerberos.KerberosTicket getTicket(int, java.lang.String, java.lang.String,
java.security.AccessControlContext)       throws javax.security.auth.login.LoginException;
    public static javax.security.auth.Subject getSubject(int, java.security.AccessControlContext)
      throws javax.security.auth.login.LoginException;
    public static javax.security.auth.kerberos.KerberosKey[] getKeys(int, java.lang.String,
java.security.AccessControlContext)       throws javax.security.auth.login.LoginException;
    public static javax.security.auth.kerberos.KerberosTicket credsToTicket(com.ibm.security.krb5.Credentials);
    public static com.ibm.security.krb5.Credentials ticketToCreds(javax.security.auth.kerberos.KerberosTicket)
      throws com.ibm.security.krb5.KrbException, java.io.IOException;

Seems like the methods are there and with the desired signatures..

Did I miss something?
> SecurityUtil.fetchServiceTicket broken after HADOOP-6941
> --------------------------------------------------------
>                 Key: HADOOP-8251
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8251
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.1.0, 2.0.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Blocker
>             Fix For: 1.0.3, 1.1.0, 2.0.0
>         Attachments: hadoop-8251-b1.txt, hadoop-8251.txt
> HADOOP-6941 replaced direct references to some classes with reflective access so as to
support other JDKs. Unfortunately there was a mistake in the name of the Krb5Util class, which
broke fetchServiceTicket. This manifests itself as the inability to run checkpoints or other
krb5-SSL HTTP-based transfers:
> java.lang.ClassNotFoundException: sun.security.jgss.krb5

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message