Kris Wilson created AIRFLOW-3144:
------------------------------------
Summary: Validate kerberos keytab on startup
Key: AIRFLOW-3144
URL: https://issues.apache.org/jira/browse/AIRFLOW-3144
Project: Apache Airflow
Issue Type: Improvement
Components: authentication
Reporter: Kris Wilson
at Twitter, we recently ran into an issue where an Airflow user was passing the
wrong secrets file as their kerberos keytab. Airflow happily accepted this file
(which contained plain old ascii text) as a keytab and then broke at runtime
with the following opaque log message:
{code:java}
[2018-10-01 23:45:14,976] ERROR in kerberos_ldap: Kerberos initialization error
for HTTP@$REDACTED: ('Cannot get sequence cursor from keytab', 2){code}
this made the problem unclear. rather than blindly accept any old file as a
keytab, it would be awesome if Airflow could run a validation step against the
keytab to confirm it's validity on startup by shelling out to either `klist` or
`kutil`.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
