[
https://issues.apache.org/jira/browse/HADOOP-12426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-12426:
------------------------------------
Attachment: HADOOP-12426-001.patch
Patch -001
this is derived from the slider kdiag, adding a toolrunner entry point, some
more checks, and some basic tests.
Even with a {{UGI.reset()}} called between test methods, the JVM state is a
mess: if you try to log in as an unknown principal, you are still assumed to be
that principal. Accordingly: one test is commented out.
Test-wise, this is the limit of what you can do in unit tests.
I've not added this as an end-user command, not yet...it needs playing with.
Usage
{code}
kdiag [--keytab <keytab> --principal <principal>] [--out <outfile>]
[--keylength <length>] [--secure]
{code}
the -secure flag fails fast on an insecure cluster
> Add Entry point for Kerberos health check
> -----------------------------------------
>
> Key: HADOOP-12426
> URL: https://issues.apache.org/jira/browse/HADOOP-12426
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 3.0.0
> Reporter: Steve Loughran
> Priority: Minor
> Attachments: HADOOP-12426-001.patch
>
>
> If we a little command line entry point for testing kerberos settings,
> including some automated diagnostics checks, we could simplify fielding the
> client-side support calls.
> Specifically
> * check JRE for having java crypto extensions at full key length.
> * network checks: do you know your own name?
> * Is the user kinited in?
> * if a tgt is specified, does it exist?
> * are hadoop security options consistent?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
