[ https://issues.apache.org/jira/browse/SENTRY-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13963334#comment-13963334 ]
Tuong Truong commented on SENTRY-169:
-------------------------------------
Prasad,
Based on my research and understanding, the environment variable KRB5CCNAME is
the standard way for passing in the cache ticket (the pam_krb5 PAM module makes
use of this to pass in ticket files with random chars in its name). In
getAppConfigurationEntry, the code is building a configuration for Kerberos
login, and needs to respect the environment variable setting. For IBM JAVA, it
needs to propagate the settings to the system property where it will be
looked up.
Your question is an interesting one. If there is an IBM Java specific usage
where the user sets the KRB5CCNAME Java property directly, I think it may make
sense for the code to do a secondary check for the Java property when the env
variable is empty and set things up properly. I will upload another patch
later today including this change.
Regarding the compilation failure, looking at the log, it failed with some
javac 1.7 issue. So it's not related to my patch.
> JAAS login options not compatible with IBM JDK
> ------------------------------------------------
>
> Key: SENTRY-169
> URL: https://issues.apache.org/jira/browse/SENTRY-169
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.4.0
> Reporter: Tuong Truong
> Labels: IBM_JAVA, JAAS
> Fix For: 1.4.0
>
> Attachments: SENTRY-169.patch
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> When running tests with the IBM JDK, a number of testcases in
> /sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift
> failed due to incompatible JAAS login options for IBM Java.
> JAAS login options need to be updated to IBM Java options.
> Testcases failed with the following stack:
> 2014-04-01 17:43:26,423 (main) [INFO - org.apache.sentry.service.thrift.SentryService.start(SentryService.java:230)] Attempting to start...
> 2014-04-01 17:43:26,424 (main) [INFO - org.apache.sentry.service.thrift.SentryService.isRunning(SentryService.java:220)] status:STARTED
> 2014-04-01 17:43:26,424 (main) [INFO - org.apache.sentry.service.thrift.SentryService.isRunning(SentryService.java:221)] thriftServer:null
> 2014-04-01 17:43:26,467 (SentryService-0) [ERROR - org.apache.sentry.service.thrift.SentryService.run(SentryService.java:152)] Error starting server
> javax.security.auth.login.LoginException: Bad JAAS configuration: unrecognized option: isInitiator
> 	at com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18NException.java:25)
> 	at com.ibm.security.auth.module.Krb5LoginModule.d(Krb5LoginModule.java:233)
> 	at com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:669)
> 	at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:214)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:94)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
> 	at java.lang.reflect.Method.invoke(Method.java:619)
> 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:796)
> 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:211)
> 	at javax.security.auth.login.LoginContext$5.run(LoginContext.java:733)
> 	at javax.security.auth.login.LoginContext$5.run(LoginContext.java:731)
> 	at java.security.AccessController.doPrivileged(AccessController.java:366)
> 	at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:730)
> 	at javax.security.auth.login.LoginContext.login(LoginContext.java:600)
> 	at org.apache.sentry.service.thrift.SentryService.run(SentryService.java:139)
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:482)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:273)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1170)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:640)
> 	at java.lang.Thread.run(Thread.java:853)
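
The lookup order discussed in the comment above (KRB5CCNAME environment variable first, then the Java property of the same name, then vendor-specific login options), as an added example that is not the SENTRY-169 patch or Sentry's own code. The class and method names are hypothetical and the sample cache path is constructed; that the IBM module looks the cache up through the KRB5CCNAME system property is taken from the comment above.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

// Hypothetical helper, not Sentry code.
public class KerberosTicketCacheOptions {

    /** Environment variable wins; the Java property is the secondary check. */
    static String resolveTicketCache(Map<String, String> env) {
        String cc = env.get("KRB5CCNAME");
        if (cc == null || cc.isEmpty()) {
            cc = System.getProperty("KRB5CCNAME");
        }
        return (cc == null || cc.isEmpty()) ? null : cc;
    }

    /** Builds a ticket-cache login entry using only options the vendor's module accepts. */
    static AppConfigurationEntry ticketCacheEntry(boolean ibmJava, String ticketCache) {
        Map<String, String> options = new HashMap<>();
        String module;
        if (ibmJava) {
            // The IBM module rejects Sun-only options such as isInitiator
            // (see the LoginException in the stack trace above).
            module = "com.ibm.security.auth.module.Krb5LoginModule";
            options.put("useDefaultCcache", "true");
            if (ticketCache != null) {
                // Propagate the setting to the system property (per the comment above).
                System.setProperty("KRB5CCNAME", ticketCache);
            }
        } else {
            module = "com.sun.security.auth.module.Krb5LoginModule";
            options.put("useTicketCache", "true");
            options.put("doNotPrompt", "true");
            if (ticketCache != null) {
                options.put("ticketCache", ticketCache);
            }
        }
        return new AppConfigurationEntry(module, LoginModuleControlFlag.REQUIRED, options);
    }

    public static void main(String[] args) {
        boolean ibmJava = System.getProperty("java.vendor", "").contains("IBM");
        Map<String, String> env = new HashMap<>(System.getenv());
        // Constructed sample value, shaped like a pam_krb5 cache file name.
        env.putIfAbsent("KRB5CCNAME", "/tmp/krb5cc_1000_Ab3xYz");
        AppConfigurationEntry e = ticketCacheEntry(ibmJava, resolveTicketCache(env));
        System.out.println(e.getLoginModuleName() + " " + e.getOptions());
    }
}
```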