phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guanghao Zhang (Jira)" <j...@apache.org>
Subject [jira] [Updated] (PHOENIX-5904) Add log if the configed kerberos principal login failed
Date Wed, 20 May 2020 10:52:00 GMT

     [ https://issues.apache.org/jira/browse/PHOENIX-5904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Guanghao Zhang updated PHOENIX-5904:
------------------------------------
    Attachment: PHOENIX-5904.website.diff

> Add log if the configed kerberos principal login failed
> -------------------------------------------------------
>
>                 Key: PHOENIX-5904
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-5904
>             Project: Phoenix
>          Issue Type: Improvement
>          Components: queryserver
>            Reporter: Guanghao Zhang
>            Assignee: Guanghao Zhang
>            Priority: Minor
>         Attachments: PHOENIX-5904.website.diff
>
>
> {code:java}
> SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
>     QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
> LOG.info("Login successful.");
> {code}
> But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled
return false.
>  
> {code:java}
> public static void login(final Configuration conf,
>     final String keytabFileKey, final String userNameKey, String hostname)
>     throws IOException {
>   
>   if(!UserGroupInformation.isSecurityEnabled()) 
>     return;
>   
>   String keytabFilename = conf.get(keytabFileKey);
>   if (keytabFilename == null || keytabFilename.length() == 0) {
>     throw new IOException("Running in secure mode, but config doesn't have a keytab");
>   }
>   String principalConfig = conf.get(userNameKey, System
>       .getProperty("user.name"));
>   String principalName = SecurityUtil.getServerPrincipal(principalConfig,
>       hostname);
>   UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
> }
> {code}
> UserGroupInformation.isSecurityEnabled is configed by *hadoop.security.authentication*.
But the document only said need to config *hbase.security.authentication*. So, I thought we
need to add document about this, too. 
>  
> QueryServer doc: [https://phoenix.apache.org/server.html]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message