This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 6763f73 ZOOKEEPER-3715: fix Kerberos test failures for new JDK
versions
6763f73 is described below
commit 6763f73cb64d87145e8e642d9e4fcc1e0d509216
Author: Mate Szalay-Beko <[email protected]>
AuthorDate: Tue Feb 4 10:39:02 2020 +0100
ZOOKEEPER-3715: fix Kerberos test failures for new JDK versions
Using OpenJDK 8u.242 or OpenJDK 11.0.6, we have some kerberos exceptions
when running the following, Kerberos Authentication related tests:
- QuorumKerberosAuthTest
- QuorumKerberosHostBasedAuthTest
- SaslKerberosAuthOverSSLTest
After trying this with different JDK versions, we see that the problem
seems to appear:
- between OpenJDK 8u.232 and 8u.242 for java 8
- and between 11.0.3 and 11.0.6 for java 11
There are a lot of kerberos related changes after 8u.232:
see https://hg.openjdk.java.net/jdk8u/jdk8u/jdk
I didn't really found the root cause of the issue, but the problem
disappeared
after upgrading the Apache Kerby. Kerby is used only by the tests to start
a local
embedded KDC server. I also checked the dependencies of the new Kerby
version
and there is nothing to exclude there as far as I saw.
I also improved the logging of errors during Kerberos authentication
problems by
printing out some more exceptions.
Author: Mate Szalay-Beko <[email protected]>
Reviewers: Enrico Olivelli <[email protected]>, Norbert Kalmar
<[email protected]>
Closes #1244 from symat/ZOOKEEPER-3715
---
pom.xml | 2 +-
.../src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java | 2 +-
.../org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 458b778..22ddeee 100755
--- a/pom.xml
+++ b/pom.xml
@@ -331,7 +331,7 @@
<json.version>1.1.1</json.version>
<jline.version>2.11</jline.version>
<snappy.version>1.1.7</snappy.version>
- <kerby.version>1.1.0</kerby.version>
+ <kerby.version>2.0.0</kerby.version>
<bouncycastle.version>1.60</bouncycastle.version>
<commons-collections.version>3.2.2</commons-collections.version>
<commons-lang.version>2.6</commons-lang.version>
diff --git
a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
index 9021f46..b0598bc 100644
---
a/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
+++
b/zookeeper-server/src/main/java/org/apache/zookeeper/client/ZooKeeperSaslClient.java
@@ -335,7 +335,7 @@ public class ZooKeeperSaslClient {
error += " Zookeeper Client will go to AUTH_FAILED state.";
LOG.error(error);
saslState = SaslState.FAILED;
- throw new SaslException(error);
+ throw new SaslException(error, e);
}
}
} else {
diff --git
a/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
b/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
index d9e44ff..12cec78 100644
---
a/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
+++
b/zookeeper-server/src/main/java/org/apache/zookeeper/server/quorum/auth/SaslQuorumAuthLearner.java
@@ -195,7 +195,7 @@ public class SaslQuorumAuthLearner implements
QuorumAuthLearner {
+ "
'-Dsun.net.spi.nameservice.provider.1=dns,sun' to your server's JVMFLAGS
environment.";
}
LOG.error(error);
- throw new SaslException(error);
+ throw new SaslException(error, e);
}
}
} else {
