[ 
https://issues.apache.org/jira/browse/HADOOP-13627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiao Chen updated HADOOP-13627:
-------------------------------
    Attachment: HADOOP-13627.02.patch

Thanks [~ste...@apache.org] for the review and suggestions! I wasn't aware of 
{{PathIOException}} or {{FsExceptionMessages}}, helpful to know.

Patch 2 to accommodate all of them.

I should mention that, with #4, the exception messages may change slightly. 
- Added username to exception in {{getUGIFromTicketCache}}.
- Some places have 'user:' before username.

But I don't think our compat rules restrict this. The message changes shouldn't 
impact someone from googling the exception, which is the main concern.

Also pasting below some output FYI:
before:
{quote}java.io.IOException: Login failure for foo from keytab 
/var/folders/6l/7hfzdv912jvclwrzyfndwjn80000gp/T/junit1826438682419772260/foo.keytab:
 javax.security.auth.login.LoginException: _____{quote}
after:
{quote}org.apache.hadoop.security.KerberosAuthException: Login failure for 
user: foo from keytab 
/var/folders/6l/7hfzdv912jvclwrzyfndwjn80000gp/T/junit2928287392078972940/foo.keytab
 javax.security.auth.login.LoginException: _____
{quote}

before:
{quote}
java.io.IOException: failure to login using ticket cache file cache
{quote}
after:
{quote}
org.apache.hadoop.security.KerberosAuthException: failure to login: for user: 
user using ticket cache file: cache javax.security.auth.login.LoginException: 
Unable to obtain Principal Name for authentication 
{quote}

> Have an explicit KerberosAuthException for UGI to throw, text from public 
> constants
> -----------------------------------------------------------------------------------
>
>                 Key: HADOOP-13627
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13627
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.7.3
>            Reporter: Steve Loughran
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13627.01.patch, HADOOP-13627.02.patch
>
>
> UGI creates simple IOEs on failure, making it impossible to catch them, 
> ignore them, have smart retry logic around them, etc.
> # Have an explicit exception like {{KerberosAuthException extends 
> IOException}} to raise instead. We can't use {{AuthenticationException}} as 
> that doesn't extend IOE.
> # move {{UGI}}, {{SecurityUtil}} and things related off simple IOEs and into 
> the new one
> # review exceptions raised and consider if they can provide more information
> # for the strings that get created, put them as public static constants, so 
> that tests can look for them explicitly —tests that don't break if the text 
> is changed.
> # maybe, {{getUGIFromTicketCache}} to throw this rather than an RTE if no 
> login principals were found (it throws IOEs on login failures, after all)
> # keep KDiag in sync with this
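
An added sketch of the pattern the issue description asks for, not code from the attached patch or from Hadoop itself: a dedicated `IOException` subclass lets callers retry Kerberos login failures separately from other I/O errors, and a public message constant gives tests something stable to match. The class body, the `Login` interface, `loginWithRetry` and the constant name `LOGIN_FAILURE` are hypothetical.

```java
import java.io.IOException;

public class KerberosRetrySketch {
    /** Hypothetical stand-in for the proposed exception; not Hadoop's class. */
    static class KerberosAuthException extends IOException {
        // Message text as a public constant so tests match the constant, not a copied string.
        public static final String LOGIN_FAILURE = "Login failure";
        private final String user;
        KerberosAuthException(String message, String user, Throwable cause) {
            super(message + " for user: " + user, cause);
            this.user = user;
        }
        String getUser() { return user; }
    }

    /** Hypothetical login action that may fail with any IOException. */
    interface Login { void run() throws IOException; }

    /** Retries only Kerberos login failures; any other IOException propagates at once. */
    static int loginWithRetry(Login login, int maxAttempts) throws IOException {
        for (int attempt = 1; ; attempt++) {
            try {
                login.run();
                return attempt;
            } catch (KerberosAuthException e) {
                if (attempt >= maxAttempts) throw e; // bounded: give up after maxAttempts
            }
        }
    }

    public static void main(String[] args) throws IOException {
        int[] calls = {0};
        // Constructed scenario: the login fails twice, then succeeds.
        int attempts = loginWithRetry(() -> {
            if (++calls[0] < 3) {
                throw new KerberosAuthException(KerberosAuthException.LOGIN_FAILURE, "foo", null);
            }
        }, 5);
        System.out.println("succeeded after " + attempts + " attempts");

        try {
            loginWithRetry(() -> { throw new KerberosAuthException(
                    KerberosAuthException.LOGIN_FAILURE, "foo", null); }, 2);
        } catch (KerberosAuthException e) {
            // A test asserts against the constant, so rewording the text does not break it.
            System.out.println(e.getMessage().startsWith(KerberosAuthException.LOGIN_FAILURE));
        }
    }
}
```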


