hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ramkrishna.s.vasudevan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-7781) Update security unit tests to use a KDC if available
Date Mon, 23 Dec 2013 10:10:51 GMT

    [ https://issues.apache.org/jira/browse/HBASE-7781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13855536#comment-13855536
] 

ramkrishna.s.vasudevan commented on HBASE-7781:
-----------------------------------------------

If my realm is hbase@HADOOP.LOCALDOMAIN, what should be the contents of the keytab file? I
get this error 
{code}
java.io.IOException: Login failure for hbase@HADOOP.LOCALDOMAIN from keytab hbase.keytab
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:695)
	at org.apache.hadoop.hbase.security.HBaseKerberosUtils.login(HBaseKerberosUtils.java:116)
	at org.apache.hadoop.hbase.security.TestUsersOperationsWithSecureHadoop.testUserLoginInSecureHadoop(TestUsersOperationsWithSecureHadoop.java:88)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
	at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
	at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
	at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

	at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown Source)
	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
	at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at javax.security.auth.login.LoginContext.invoke(Unknown Source)
	at javax.security.auth.login.LoginContext.access$000(Unknown Source)
	at javax.security.auth.login.LoginContext$5.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown Source)
	at javax.security.auth.login.LoginContext.login(Unknown Source)
	at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:686)
	... 27 more


{code}

Ideally the code should use the keyTab.  Am trying to use the MiniKDC here. TestUsersOperationsWithSecureHadoop
- this test gets skipped in the actual builds i think as it needs the keytab and principle
to be passed.  

> Update security unit tests to use a KDC if available
> ----------------------------------------------------
>
>                 Key: HBASE-7781
>                 URL: https://issues.apache.org/jira/browse/HBASE-7781
>             Project: HBase
>          Issue Type: Test
>          Components: security, test
>            Reporter: Gary Helmling
>            Assignee: ramkrishna.s.vasudevan
>            Priority: Blocker
>             Fix For: 0.98.0
>
>
> We currently have large holes in the test coverage of HBase with security enabled.  Two
recent examples of bugs which really should have been caught with testing are HBASE-7771 and
HBASE-7772.  The long standing problem with testing with security enabled has been the requirement
for supporting kerberos infrastructure.
> We need to close this gap and provide some automated testing with security enabled, if
necessary standing up and provisioning a temporary KDC as an option for running integration
tests, see HADOOP-8078 and HADOOP-9004 where a similar approach was taken.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message