hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Moved] (HADOOP-12510) Need improved WARN or ERROR when token based auth fails for kmsclient request
Date Sun, 25 Oct 2015 13:38:27 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-12510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Steve Loughran moved MAPREDUCE-6522 to HADOOP-12510:
----------------------------------------------------

    Component/s:     (was: security)
                     (was: client)
                 security
            Key: HADOOP-12510  (was: MAPREDUCE-6522)
        Project: Hadoop Common  (was: Hadoop Map/Reduce)

> Need improved WARN or ERROR when token based auth fails for kmsclient request
> -----------------------------------------------------------------------------
>
>                 Key: HADOOP-12510
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12510
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Todd Grayson
>
> When token based authentication fails, it would be helpful to have a WARN event of the
failure, as well as a WARN event that alternative forms of authentication are being attempted.
> For example if token based authentication has failed; it appears that there is a fallback
to attempting kerberos authentication.   At that point the most prominent logging is a kerberos
GSS error, when the actual issue was a failure at the token evaluation of a client access
request to an HDFS encrypted zone. 
> In the example below we are presented with a kerberos error, but the actual error was
a failure of token authorization in an unexpected way.
> {code}
> 15/08/27 07:35:35 INFO mapreduce.Job: Task Id : attempt_1440594773177_0021_m_000009_0,
Status : FAILED 
> org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException:
No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) 
> java.io.IOException: org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt) 
> at 
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message