[
https://issues.apache.org/jira/browse/HADOOP-13890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15747539#comment-15747539
]
Xiaoyu Yao commented on HADOOP-13890:
-------------------------------------
[~yuanbo], the issue you hit is IBM JDK specific. TestWebDelegationToken was
failing even without HADOOP-13565.
Based on that, I think the failure is not related to either HADOOP-13565 or
HADOOP-13890 we are trying to solve here.
If you want, we could fix IBM JDK issue for TestWebDelegationToken in a
separate ticket later.
IBM JDK 8
{code}
[root@c6404 hadoop]# /opt/ibm/java-x86_64-80/bin/java -version
java version "1.8.0"
Java(TM) SE Runtime Environment (build pxa6480sr3fp12-20160919_01(SR3 FP12))
IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References
20160915_318796 (JIT enabled, AOT enabled)
J9VM - R28_Java8_SR3_20160915_0912_B318796
JIT - tr.r14.java.green_20160818_122998
GC - R28_Java8_SR3_20160915_0912_B318796_CMPRSS
J9CL - 20160915_318796)
JCL - 20160914_01 based on Oracle jdk8u101-b13
{code}
Git info after revert HADOOP-13565.
{code}
commit b5a719486112fa1ca60bee5eec81f41a0828b928
Author: root <[email protected]>
Date: Wed Dec 14 07:10:36 2016 +0000
Revert "HADOOP-13565. KerberosAuthenticationHandler#authenticate should not
rebuild SPN based on client request. Contributed by Xiaoyu Yao."
This reverts commit 4c38f11cec0664b70e52f9563052dca8fb17c33f.
{code}
The test still failed even after revert HADOOP-13565.
{code}
Tests run: 12, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 10.748 sec <<<
FAILURE! - in
org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken
testKerberosDelegationTokenAuthenticator(org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken)
Time elapsed: 1.571 sec <<< ERROR!
javax.security.auth.login.LoginException: Bad JAAS configuration: unrecognized
option: isInitiator
at
com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18NException.java:23)
at
com.ibm.security.auth.module.Krb5LoginModule.d(Krb5LoginModule.java:57)
at
com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:686)
at
com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:214)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:721)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:719)
at
java.security.AccessController.doPrivileged(AccessController.java:686)
at
javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:719)
at javax.security.auth.login.LoginContext.login(LoginContext.java:593)
at
org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken.doAsKerberosUser(TestWebDelegationToken.java:710)
at
org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken.testKerberosDelegationTokenAuthenticator(TestWebDelegationToken.java:778)
at
org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken.testKerberosDelegationTokenAuthenticator(TestWebDelegationToken.java:729)
{code}
> TestWebDelegationToken and TestKMS fails in trunk
> -------------------------------------------------
>
> Key: HADOOP-13890
> URL: https://issues.apache.org/jira/browse/HADOOP-13890
> Project: Hadoop Common
> Issue Type: Bug
> Components: test
> Reporter: Brahma Reddy Battula
> Assignee: Xiaoyu Yao
> Attachments: HADOOP-13890.00.patch, HADOOP-13890.01.patch,
> HADOOP-13890.02.patch, HADOOP-13890.03.patch, HADOOP-13890.04.patch,
> test-failure.txt
>
>
> TestWebDelegationToken, TestKMS , TestTrashWithSecureEncryptionZones and
> TestSecureEncryptionZoneWithKMS started failing in trunk because the SPENGO
> principle used in these test are incomplete: HTTP/localhost assuming the
> default realm will be applied at authentication time. This ticket is opened
> to fix these unit test with complete HTTP principal.
> {noformat}
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> Invalid SPNEGO sequence, status code: 403
> at
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.readToken(KerberosAuthenticator.java:371)
> at
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.access$300(KerberosAuthenticator.java:53)
> at
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:317)
> at
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:287)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:287)
> at
> org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:205)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:132)
> at
> org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:298)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.getDelegationToken(DelegationTokenAuthenticator.java:170)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.getDelegationToken(DelegationTokenAuthenticatedURL.java:373)
> at
> org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken$5.call(TestWebDelegationToken.java:782)
> at
> org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken$5.call(TestWebDelegationToken.java:779)
> at
> org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken$4.run(TestWebDelegationToken.java:715)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken.doAsKerberosUser(TestWebDelegationToken.java:712)
> at
> org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken.testKerberosDelegationTokenAuthenticator(TestWebDelegationToken.java:778)
> at
> org.apache.hadoop.security.token.delegation.web.TestWebDelegationToken.testKerberosDelegationTokenAuthenticator(TestWebDelegationToken.java:729)
> {noformat}
> *Jenkins URL*
> https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/251/testReport/
> https://builds.apache.org/job/PreCommit-HADOOP-Build/11240/testReport/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
