hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12617) SPNEGO authentication request to non-default realm gets default realm name inserted in target server principal
Date Mon, 07 Dec 2015 18:22:11 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15045401#comment-15045401
] 

Hadoop QA commented on HADOOP-12617:
------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 0s {color} | {color:blue}
Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green}
The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s {color}
| {color:green} The patch appears to include 1 new or modified test files. {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 59s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 8m 57s {color} |
{color:green} trunk passed with JDK v1.8.0_66 {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 9m 28s {color} |
{color:green} trunk passed with JDK v1.7.0_85 {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 9s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 0m 21s {color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 13s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 0m 28s {color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 13s {color} |
{color:green} trunk passed with JDK v1.8.0_66 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 14s {color} |
{color:green} trunk passed with JDK v1.7.0_85 {color} |
| {color:red}-1{color} | {color:red} mvninstall {color} | {color:red} 0m 15s {color} | {color:red}
hadoop-auth in the patch failed. {color} |
| {color:red}-1{color} | {color:red} compile {color} | {color:red} 0m 21s {color} | {color:red}
root in the patch failed with JDK v1.8.0_66. {color} |
| {color:red}-1{color} | {color:red} javac {color} | {color:red} 0m 21s {color} | {color:red}
root in the patch failed with JDK v1.8.0_66. {color} |
| {color:red}-1{color} | {color:red} compile {color} | {color:red} 0m 24s {color} | {color:red}
root in the patch failed with JDK v1.7.0_85. {color} |
| {color:red}-1{color} | {color:red} javac {color} | {color:red} 0m 24s {color} | {color:red}
root in the patch failed with JDK v1.7.0_85. {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 9s {color} | {color:red}
Patch generated 4 new checkstyle issues in hadoop-common-project/hadoop-auth (total was 15,
now 19). {color} |
| {color:red}-1{color} | {color:red} mvnsite {color} | {color:red} 0m 16s {color} | {color:red}
hadoop-auth in the patch failed. {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 13s {color}
| {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} whitespace {color} | {color:red} 0m 0s {color} | {color:red}
The patch has 14 line(s) that end in whitespace. Use git apply --whitespace=fix. {color} |
| {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 0m 13s {color} | {color:red}
hadoop-auth in the patch failed. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 13s {color} |
{color:green} the patch passed with JDK v1.8.0_66 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 14s {color} |
{color:green} the patch passed with JDK v1.7.0_85 {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 0m 13s {color} | {color:red}
hadoop-auth in the patch failed with JDK v1.8.0_66. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 0m 15s {color} | {color:red}
hadoop-auth in the patch failed with JDK v1.7.0_85. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 22s {color}
| {color:green} Patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 32m 9s {color} | {color:black}
{color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker |  Image:yetus/hadoop:0ca8df7 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12776136/HADOOP-12617.002.patch
|
| JIRA Issue | HADOOP-12617 |
| Optional Tests |  asflicense  compile  javac  javadoc  mvninstall  mvnsite  unit  findbugs
 checkstyle  |
| uname | Linux 05e7fb9513d8 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12
UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh |
| git revision | trunk / 01a641b |
| findbugs | v3.0.0 |
| mvninstall | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-mvninstall-hadoop-common-project_hadoop-auth.txt
|
| compile | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-compile-root-jdk1.8.0_66.txt
|
| javac | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-compile-root-jdk1.8.0_66.txt
|
| compile | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-compile-root-jdk1.7.0_85.txt
|
| javac | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-compile-root-jdk1.7.0_85.txt
|
| checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-auth.txt
|
| mvnsite | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-mvnsite-hadoop-common-project_hadoop-auth.txt
|
| whitespace | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/whitespace-eol.txt
|
| findbugs | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-findbugs-hadoop-common-project_hadoop-auth.txt
|
| unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-auth-jdk1.8.0_66.txt
|
| unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-auth-jdk1.7.0_85.txt
|
| JDK v1.7.0_85  Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/testReport/
|
| modules | C: hadoop-common-project/hadoop-auth U: hadoop-common-project/hadoop-auth |
| Max memory used | 75MB |
| Powered by | Apache Yetus    http://yetus.apache.org |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/8195/console |


This message was automatically generated.



> SPNEGO authentication request to non-default realm gets default realm name inserted in
target server principal
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12617
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12617
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.7.1
>         Environment: Java client talking to two secure clusters in different Kerberos
realms,
> or talking to any secure cluster in non-default realm
>            Reporter: Matt Foley
>            Assignee: Matt Foley
>         Attachments: HADOOP-12617-branch-2.7.001.patch, HADOOP-12617.001.patch, HADOOP-12617.002.patch
>
>
> Note: This is NOT a vulnerability.
> In order for a single Java client to communicate with two different secure clusters in
different realms (only one of which can be the "default_realm"), the client's krb5.conf file
must specify both realms, and provide a \[domain_realm\] section that maps cluster servers'
domains to the correct realms.  With other appropriate behaviors (such as using the config
from each cluster to talk to the respective clusters, and a user principal from each realm
to talk to the respective realms), this is sufficient for most Hadoop ecosystem clients. 

> But our SPNEGO using clients, such as Oozie, have a bug when it comes to talking to a
non-default realm.  The default realm name gets incorrectly inserted into the construction
of the target server principal for the non-default-realm cluster.  Details and proposed solution
are given in the first comments below.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message