hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-3873) Hftp assumes security is disabled if token fetch fails
Date Thu, 30 Aug 2012 22:23:08 GMT

     [ https://issues.apache.org/jira/browse/HDFS-3873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daryn Sharp updated HDFS-3873:
------------------------------

    Attachment: HDFS-3873.patch

Only considers a connection refused exception as "security disabled" since an insecure cluster
does not listen on the secure port.  Note this prevents jobs from launching w/o tokens.

I spent the better part of the day debugging why an oozie launcher task was trying to get
a hftp token.  Turns out AES was specified in krb5.conf which caused a SSL exception that
was silently swallowed during job submission.  The job launched and the tasks failed with
user not authenticated messages from the NN.  This patch evolved from the debugging effort.
                
> Hftp assumes security is disabled if token fetch fails
> ------------------------------------------------------
>
>                 Key: HDFS-3873
>                 URL: https://issues.apache.org/jira/browse/HDFS-3873
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: hdfs client
>    Affects Versions: 0.23.3, 3.0.0, 2.2.0-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HDFS-3873.patch
>
>
> Hftp ignores all exceptions generated while trying to get a token, based on the assumption
that it means security is disabled.  Debugging problems is excruciatingly difficult when security
is enabled but something goes wrong.  Job submissions succeed, but tasks fail because the
NN rejects the user as unauthenticated.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message