Suraj Acharya created HADOOP-13526:
--------------------------------------
Summary: Add detailed logging in KMS log for the authentication
failure of proxy user
Key: HADOOP-13526
URL: https://issues.apache.org/jira/browse/HADOOP-13526
Project: Hadoop Common
Issue Type: Bug
Components: kms
Environment: RHEL
Reporter: Suraj Acharya
Priority: Minor
Problem :
User A was not able to write a file to HDFS Encryption Zone. It was resolved by
adding proxy user A in kms-site.xml
However, the logs showed :
{code}2016-08-10 19:32:08,954 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request
https://vm.example.com:16000/kms/v1/keyversion/aMxsSSKmMEzINTIrKURpFJgHnZxiOvsT9L1nMpbUoGu/_eek?eek_op=decrypt&doAs=userb&user.name=usera
user [usera] authenticated{code}
Possible Solution :
So the message which says the user was successfully authenticated comes from
{{AuthenticationFilter.java}}. However, when the filter on
{{DelegationTokenAuthenticationFilter}} is called it hits an exception there
and there is no log message there. This leads to the confusion that we have had
a success while the exception happens in the next class.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
