Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B1FE7200D27 for ; Wed, 25 Oct 2017 17:17:09 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id AE5461609E5; Wed, 25 Oct 2017 15:17:09 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id CDA7A1609DD for ; Wed, 25 Oct 2017 17:17:08 +0200 (CEST) Received: (qmail 96950 invoked by uid 500); 25 Oct 2017 15:17:08 -0000 Mailing-List: contact user-help@kudu.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@kudu.apache.org Delivered-To: mailing list user@kudu.apache.org Received: (qmail 96940 invoked by uid 99); 25 Oct 2017 15:17:07 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Oct 2017 15:17:07 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id DFC0BC2D8F for ; Wed, 25 Oct 2017 15:17:06 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.379 X-Spam-Level: ** X-Spam-Status: No, score=2.379 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=miriade.it Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id sJPwCKvi2neS for ; Wed, 25 Oct 2017 15:17:05 +0000 (UTC) Received: from mail-yw0-f171.google.com (mail-yw0-f171.google.com [209.85.161.171]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id B1A3C5F5B4 for ; Wed, 25 Oct 2017 15:17:04 +0000 (UTC) Received: by mail-yw0-f171.google.com with SMTP id w2so284755ywa.9 for ; Wed, 25 Oct 2017 08:17:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=miriade.it; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=1NMtBUNrdMDW8XUWjT0bj3fn4jXKZgvLeKCo2AC5DpE=; b=A3iOWdMCRO03ZMUExrKNHy0gSXMv3lr7UKtli7lbqEk+gFGbOX/JzWyEjPuxpvBUxP Xi9N3g1z6jQqB72MG89kOmH6yVtvj/8f3AcxwMMVGmfiWWuPEQ2G4DRUI68nzL7JVlzZ BEOf4pPr2es9NofmcmBgftDTydD2KCCHLiG9Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=1NMtBUNrdMDW8XUWjT0bj3fn4jXKZgvLeKCo2AC5DpE=; b=WEWyOAtWD1hi9PMd2DpMjQZzWCasR70wNaAgO/gPbS8w+nMd6oGxB3gMSV5tTQGBuK wBZJzpbU3Ko/vnjx06q+ZfIFoIEGEtomUWhJeUp2WrQ+/oqel2eWobqhoq8Kvj6w8Gmx HkXOmerdu0NQRPvHE+p5eSJbdYN4HsqLp22+uG0SkXNl3GljCv7raYiJpNf94js0ZyYz JgwVPuEtpcshj2AKLadE3uoh5/DvJWWp3nvN1rFWKXPXbnoSEZ8j3xQwKLUndrPTtyX6 QX2DMywu/A/34xLxgeyWIRenUxebpSWM+iMTR3kgUvFcBQT/UDtXoRPad70Gub3BDcLo pttw== X-Gm-Message-State: AMCzsaXMcBmJ+c3o+XR1Z2XRysIEN/29lAsm7hOkM0cW8VJfxKI72j1y 0l+NDN151SNG421Rzm0+5A3nVehH9k6IqZPsh4JG+0EJ X-Google-Smtp-Source: ABhQp+Raiik3Y2vEW8G83VrbT1YPNCzfuLkTkYtIpdqpuCju9Ma9rZRlQsXl4v1+BAXV5FhAFYmxB//ufD8lAen/sZg= X-Received: by 10.129.101.87 with SMTP id z84mr13720161ywb.482.1508944623385; Wed, 25 Oct 2017 08:17:03 -0700 (PDT) MIME-Version: 1.0 Received: by 10.37.46.79 with HTTP; Wed, 25 Oct 2017 08:16:22 -0700 (PDT) In-Reply-To: References: From: Matteo Durighetto Date: Wed, 25 Oct 2017 17:16:22 +0200 Message-ID: Subject: Re: kudu 1.4 kerberos To: user@kudu.apache.org Content-Type: multipart/alternative; boundary="001a114c8a424354d2055c608c1f" archived-at: Wed, 25 Oct 2017 15:17:09 -0000 --001a114c8a424354d2055c608c1f Content-Type: text/plain; charset="UTF-8" Hello Todd, after the workaround, we gone in production, I will test asap in a new environment of test in the next days. Kind regards Matteo Durighetto 2017-10-24 21:46 GMT+02:00 Todd Lipcon : > On Tue, Oct 24, 2017 at 12:41 PM, Todd Lipcon wrote: > >> I've filed https://issues.apache.org/jira/browse/KUDU-2198 to provide a >> workaround for systems like this. I should have a patch up shortly since >> it's relatively simple. >> >> > ... and here's the patch, if you want to try it out, Matteo: > https://gerrit.cloudera.org/c/8373/ > > -Todd > > >> -Todd >> >> On Tue, Oct 17, 2017 at 7:00 PM, Brock Noland wrote: >> >>> Just one clarification below... >>> >>> > On Mon, Oct 16, 2017 at 2:29 PM, Matteo Durighetto < >>> m.durighetto@miriade.it> wrote: >>> > the "abcdefgh1234" it's an example of the the string created by the >>> cloudera manager during the enable kerberos. >>> >>> ... >>> >>> On Mon, Oct 16, 2017 at 11:57 PM, Todd Lipcon wrote: >>> > Interesting. What is the sAMAccountName in this case? Wouldn't all of >>> the 'kudu' have the same account name? >>> >>> CM generates some random names for cn and sAMAccountName. Below is an >>> example created by CM. >>> >>> dn: CN=uQAtUOSwrA,OU=valhalla-kerberos,OU=Hadoop,DC=phdata,DC=io >>> cn: uQAtUOSwrA >>> sAMAccountName: uQAtUOSwrA >>> userPrincipalName: kudu/worker5.valhalla.phdata.io@PHDATA.IO >>> servicePrincipalName: kudu/worker5.valhalla.phdata.io >>> >> >> >> >> -- >> Todd Lipcon >> Software Engineer, Cloudera >> > > > > -- > Todd Lipcon > Software Engineer, Cloudera > --001a114c8a424354d2055c608c1f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello Todd,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0after the workaround, we gone in p= roduction,=C2=A0 I will test asap in a new environment=C2=A0 of test in the= next days.

Kind regards

Matteo Durighetto

=
2017-10-24 21:46 GMT+02:00 Todd Lipcon <todd@cl= oudera.com>:
O= n Tue, Oct 24, 2017 at 12:41 PM, Todd Lipcon <todd@cloudera.com> wrote:
I've filed=C2=A0https://issues.apache.org/jira/browse/= KUDU-2198 to provide a workaround for systems like this. I should have = a patch up shortly since it's relatively simple.

<= /span>

... and here's the = patch, if you want to try it out, Matteo:

= -Todd
=C2=A0
-Todd

On Tue, Oct 17, 20= 17 at 7:00 PM, Brock Noland <brock@phdata.io> wrote:
Just one clarification below...=

> On Mon, Oct 16, 2017 at 2:29 PM, Matteo Durighetto <m.durighetto@miriade.it&g= t; wrote:
> the "abcdefgh1234" it's an example of the t= he string created by the cloudera manager during the enable kerberos.

...

On Mon, Oct 16, 2017 at 11:57 PM, Todd Lipcon <todd@cloudera.com> wrote:
> Interesting. What is the sAMAccountName in this case? Wouldn't all= of the 'kudu' have the same account name?

CM generates some random names for cn and sAMAccountName. Below is a= n
example created by CM.

dn: CN=3DuQAtUOSwrA,OU=3Dvalhalla-kerberos,OU=3DHadoop,DC=3Dphdata,DC= =3Dio
cn: uQAtUOSwrA
sAMAccountName: uQAtUOSwrA
userPrincipalName: kudu/worker5.valhalla.phdata.io@PHDATA.IO
servicePrincipalName: kudu/worker5.valhalla.phdata.io



--
Todd Lipcon
Software E= ngineer, Cloudera



<= /div>--
Todd Lipco= n
Software Engineer, Cloudera

--001a114c8a424354d2055c608c1f--