[
https://issues.apache.org/jira/browse/HADOOP-12649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15059985#comment-15059985
]
Steve Loughran commented on HADOOP-12649:
-----------------------------------------
SLIDER-1027 covers a kerberos diagnostics command line entry I'm adding in
slider; it has to go into the hadoop.security package to be able to force
keytab renewal.
It's a bit limited in what it can debug; there's not enough information for
diagnostics, and when things like the renewer thread exit, there is no obvious
way to determine the fact. At the very least have some bool we can probe to see
if the thread is running
> Improve UGI diagnostics and failure handling
> --------------------------------------------
>
> Key: HADOOP-12649
> URL: https://issues.apache.org/jira/browse/HADOOP-12649
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.7.1
> Environment: Kerberos
> Reporter: Steve Loughran
>
> Sometimes —apparently— some people cannot get kerberos to work.
> The ability to diagnose problems here is hampered by some aspects of UGI
> # the only way to turn on JAAS debug information is through an env var, not
> within the JVM
> # failures are potentially underlogged
> # exceptions raised are generic IOEs, so can't be trapped and filtered
> # failure handling on the TGT renewer thread is nonexistent
> # the code is barely-readable, underdocumented mess.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
