[jira] [Comment Edited] (AIRFLOW-987) `airflow kerberos` ignores --keytab and --principal arguments

Tue, 14 Mar 2017 23:25:37 -0700 

    [ 
https://issues.apache.org/jira/browse/AIRFLOW-987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15925608#comment-15925608
 ] 

Ruslan Dautkhanov edited comment on AIRFLOW-987 at 3/15/17 6:24 AM:
--------------------------------------------------------------------

I use kinit very often and familiar with the tool. 

kinit works fine outside of Airflow

{noformat}
$ kinit -kt /home/rdautkha/.keytab rdautkha...@corp.some.com; echo $?
0

rdautkha@pc1udatahgw01 airflow  $ klist | grep "03/15/17"
03/15/17 00:19:38  03/15/17 10:19:40  krbtgt/corp.some....@corp.some.com
{noformat}
(I've changed realm)

If you didn't notice `airflow kerberos` used "airflow" as principal and 
"airflow.keytab" in the output dump above, no matter which parameters I give.


was (Author: tagar):
I use kinit very often and familiar with the tool. 

kinit works fine outside of Airflow

{noformat}
$ kinit -kt /home/rdautkha/.keytab rdautkha...@corp.some.com; echo $?
0

rdautkha@pc1udatahgw01 airflow  $ klist | grep "03/15/17"
03/15/17 00:19:38  03/15/17 10:19:40  krbtgt/corp.epsilon....@corp.some.com
{noformat}
(I've changed realm)

If you didn't notice `airflow kerberos` used "airflow" as principal and 
"airflow.keytab" in the output dump above, no matter which parameters I give.

> `airflow kerberos` ignores --keytab and --principal arguments
> -------------------------------------------------------------
>
>                 Key: AIRFLOW-987
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-987
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security
>    Affects Versions: Airflow 1.8
>         Environment: 1.8-rc5
>            Reporter: Ruslan Dautkhanov
>            Assignee: Bolke de Bruin
>              Labels: easyfix, kerberos, security
>
> No matter which arguments I pass to `airflow kerberos`, 
> it always executes as `kinit -r 3600m -k -t airflow.keytab -c 
> /tmp/airflow_krb5_ccache airflow`
> So it failes with expected "kinit: Keytab contains no suitable keys for 
> airf...@corp.some.com while getting initial credentials"
> Tried different arguments, -kt and --keytab, here's one of the runs (some 
> lines wrapped for readability):
> {noformat}
> $ airflow kerberos -kt /home/rdautkha/.keytab rdautkha...@corp.some.com
> [2017-03-14 23:50:11,523] {__init__.py:57} INFO - Using executor LocalExecutor
> [2017-03-14 23:50:12,069] {kerberos.py:43} INFO - Reinitting kerberos from 
> keytab: 
> kinit -r 3600m -k -t airflow.keytab -c /tmp/airflow_krb5_ccache airflow
> [2017-03-14 23:50:12,080] {kerberos.py:55} ERROR -
>  Couldn't reinit from keytab! `kinit' exited with 1.
> kinit: Keytab contains no suitable keys for airf...@corp.some.com 
> while getting initial credentials
> {noformat}
> 1.8-rc5



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to