[
https://issues.apache.org/jira/browse/AIRFLOW-987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15925608#comment-15925608
]
Ruslan Dautkhanov edited comment on AIRFLOW-987 at 3/15/17 6:24 AM:
--------------------------------------------------------------------
I use kinit very often and familiar with the tool.
kinit works fine outside of Airflow
{noformat}
$ kinit -kt /home/rdautkha/.keytab [email protected]; echo $?
0
rdautkha@pc1udatahgw01 airflow $ klist | grep "03/15/17"
03/15/17 00:19:38 03/15/17 10:19:40 krbtgt/[email protected]
{noformat}
(I've changed realm)
If you didn't notice `airflow kerberos` used "airflow" as principal and
"airflow.keytab" in the output dump above, no matter which parameters I give.
was (Author: tagar):
I use kinit very often and familiar with the tool.
kinit works fine outside of Airflow
{noformat}
$ kinit -kt /home/rdautkha/.keytab [email protected]; echo $?
0
rdautkha@pc1udatahgw01 airflow $ klist | grep "03/15/17"
03/15/17 00:19:38 03/15/17 10:19:40 krbtgt/[email protected]
{noformat}
(I've changed realm)
If you didn't notice `airflow kerberos` used "airflow" as principal and
"airflow.keytab" in the output dump above, no matter which parameters I give.
> `airflow kerberos` ignores --keytab and --principal arguments
> -------------------------------------------------------------
>
> Key: AIRFLOW-987
> URL: https://issues.apache.org/jira/browse/AIRFLOW-987
> Project: Apache Airflow
> Issue Type: Bug
> Components: security
> Affects Versions: Airflow 1.8
> Environment: 1.8-rc5
> Reporter: Ruslan Dautkhanov
> Assignee: Bolke de Bruin
> Labels: easyfix, kerberos, security
>
> No matter which arguments I pass to `airflow kerberos`,
> it always executes as `kinit -r 3600m -k -t airflow.keytab -c
> /tmp/airflow_krb5_ccache airflow`
> So it failes with expected "kinit: Keytab contains no suitable keys for
> [email protected] while getting initial credentials"
> Tried different arguments, -kt and --keytab, here's one of the runs (some
> lines wrapped for readability):
> {noformat}
> $ airflow kerberos -kt /home/rdautkha/.keytab [email protected]
> [2017-03-14 23:50:11,523] {__init__.py:57} INFO - Using executor LocalExecutor
> [2017-03-14 23:50:12,069] {kerberos.py:43} INFO - Reinitting kerberos from
> keytab:
> kinit -r 3600m -k -t airflow.keytab -c /tmp/airflow_krb5_ccache airflow
> [2017-03-14 23:50:12,080] {kerberos.py:55} ERROR -
> Couldn't reinit from keytab! `kinit' exited with 1.
> kinit: Keytab contains no suitable keys for [email protected]
> while getting initial credentials
> {noformat}
> 1.8-rc5
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
