hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12751) While using kerberos Hadoop incorrectly assumes names with '@' to be non-simple
Date Thu, 28 Apr 2016 14:04:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15262183#comment-15262183
] 

Hadoop QA commented on HADOOP-12751:
------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 7m 35s {color} | {color:blue}
Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green}
The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s {color}
| {color:green} The patch appears to include 4 new or modified test files. {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 33s {color} | {color:blue}
Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 34s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 56s {color} |
{color:green} trunk passed with JDK v1.8.0_92 {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 7m 31s {color} |
{color:green} trunk passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 28s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 25s {color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 27s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 11s {color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 14s {color} |
{color:green} trunk passed with JDK v1.8.0_92 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 23s {color} |
{color:green} trunk passed with JDK v1.7.0_95 {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 9s {color} | {color:blue}
Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 2s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 7m 5s {color} | {color:green}
the patch passed with JDK v1.8.0_92 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 7m 5s {color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 7m 45s {color} |
{color:green} the patch passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 7m 45s {color} | {color:green}
the patch passed {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 26s {color} | {color:red}
hadoop-common-project: The patch generated 1 new + 93 unchanged - 0 fixed = 94 total (was
93) {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 13s {color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 26s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color}
| {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 25s {color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 1s {color} | {color:green}
the patch passed with JDK v1.8.0_92 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 16s {color} |
{color:green} the patch passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 3m 37s {color} | {color:green}
hadoop-auth in the patch passed with JDK v1.8.0_92. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 4s {color} | {color:green}
hadoop-common in the patch passed with JDK v1.8.0_92. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 3m 58s {color} | {color:green}
hadoop-auth in the patch passed with JDK v1.7.0_95. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 25s {color} | {color:green}
hadoop-common in the patch passed with JDK v1.7.0_95. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 23s {color}
| {color:green} The patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 83m 59s {color} | {color:black}
{color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker |  Image:yetus/hadoop:7b1c37a |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12801224/0008-HADOOP-12751-leave-user-validation-to-os.patch
|
| JIRA Issue | HADOOP-12751 |
| Optional Tests |  asflicense  compile  javac  javadoc  mvninstall  mvnsite  unit  findbugs
 checkstyle  |
| uname | Linux 42c9a488e131 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12
UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh |
| git revision | trunk / 6f26b66 |
| Default Java | 1.7.0_95 |
| Multi-JDK versions |  /usr/lib/jvm/java-8-oracle:1.8.0_92 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
|
| findbugs | v3.0.0 |
| checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/9218/artifact/patchprocess/diff-checkstyle-hadoop-common-project.txt
|
| JDK v1.7.0_95  Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/9218/testReport/
|
| modules | C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common U: hadoop-common-project
|
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/9218/console |
| Powered by | Apache Yetus 0.3.0-SNAPSHOT   http://yetus.apache.org |


This message was automatically generated.



> While using kerberos Hadoop incorrectly assumes names with '@' to be non-simple
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-12751
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12751
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.7.2
>         Environment: kerberos
>            Reporter: Bolke de Bruin
>            Assignee: Bolke de Bruin
>            Priority: Critical
>              Labels: kerberos
>         Attachments: 0001-HADOOP-12751-leave-user-validation-to-os.patch, 0001-Remove-check-for-user-name-characters-and.patch,
0002-HADOOP-12751-leave-user-validation-to-os.patch, 0003-HADOOP-12751-leave-user-validation-to-os.patch,
0004-HADOOP-12751-leave-user-validation-to-os.patch, 0005-HADOOP-12751-leave-user-validation-to-os.patch,
0006-HADOOP-12751-leave-user-validation-to-os.patch, 0007-HADOOP-12751-leave-user-validation-to-os.patch,
0007-HADOOP-12751-leave-user-validation-to-os.patch, 0008-HADOOP-12751-leave-user-validation-to-os.patch,
0008-HADOOP-12751-leave-user-validation-to-os.patch
>
>
> In the scenario of a trust between two directories, eg. FreeIPA (ipa.local) and Active
Directory (ad.local) users can be made available on the OS level by something like sssd. The
trusted users will be of the form 'user@ad.local' while other users are will not contain the
domain. Executing 'id -Gn user@ad.local' will successfully return the groups the user belongs
to if configured correctly. 
> However, it is assumed by Hadoop that users of the format with '@' cannot be correct.
This code is in KerberosName.java and seems to be a validator if the 'auth_to_local' rules
are applied correctly.
> In my opinion this should be removed or changed to a different kind of check or maybe
logged as a warning while still proceeding, as the current behavior limits integration possibilities
with other standard tools.
> Workaround are difficult to apply (by having a rewrite by system tools to for example
user_ad_local) due to down stream consequences.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message