hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14636) TestKDiag failing intermittently on Jenkins/Yetus at login from keytab
Date Sun, 09 Jul 2017 13:03:01 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16079607#comment-16079607
] 

Steve Loughran commented on HADOOP-14636:
-----------------------------------------

bq. and/or Configuration can't deal with empty env vars.

the latter; doesn't resolve or reject any empty props. 

Java should be looking at PATH for library load too, shouldn't it? Certainly on windows I'd
expect it, as that's how DLLs get resolved. Don't know about unix-land.

> TestKDiag failing intermittently on Jenkins/Yetus at login from keytab
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-14636
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14636
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security, test
>    Affects Versions: 3.0.0-beta1
>         Environment: {code}
> user.name = "jenkins"
> java.version = "1.8.0_131"
> java.security.krb5.conf = "/testptch/hadoop/hadoop-common-project/hadoop-common/target/1499472499650/krb5.conf"
> kdc.resource.dir = "src/test/resources/kdc"
> hadoop.kerberos.kinit.command = "kinit"
> hadoop.security.authentication = "KERBEROS"
> hadoop.security.authorization = "false"
> hadoop.kerberos.min.seconds.before.relogin = "60"
> hadoop.security.dns.interface = "(unset)"
> hadoop.security.dns.nameserver = "(unset)"
> hadoop.rpc.protection = "authentication"
> hadoop.security.saslproperties.resolver.class = "(unset)"
> hadoop.security.crypto.codec.classes = "(unset)"
> hadoop.security.group.mapping = "org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback"
> hadoop.security.impersonation.provider.class = "(unset)"
> dfs.data.transfer.protection = "(unset)"
> dfs.data.transfer.saslproperties.resolver.class = "(unset)"
> 2017-07-08 00:08:20,381 WARN  security.KDiag (KDiag.java:execute(365)) - The default
cluster security is insecure
> {code}
>            Reporter: Steve Loughran
>            Priority: Minor
>         Attachments: output.txt
>
>
> The test {{TestKDiag}} is failing intermittently on Yetus builds, 
> {code}
> org.apache.hadoop.security.KerberosAuthException: Login failure for user: foo@EXAMPLE.COM
from keytab /testptch/hadoop/hadoop-common-project/hadoop-common/target/keytab javax.security.auth.login.LoginException:
Unable to obtain password from user
> {code}
> The tests that fail are all trying to log in using a keytab just created, the JVM isn't
having any of it.
> Possible causes? I can think of a few to start with
> # keytab generation
> # keytab path parameter wrong
> # JVM isn't doing the login
> # some race condition
> # Host OS
> # Other environment issues (clock, network...)
> There's no recent changes in the kdiag or UGI code.
> The failure is intermittent, not surfacing for me (others?) locally, which which could
point at: JVM, host OS, race condition, other env  issues.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message