[jira] [Commented] (HADOOP-11117) UGI HadoopLoginModule doesn't catch & wrap all kerberos-related exceptions

Mon, 22 Sep 2014 13:47:41 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14143785#comment-14143785
 ] 

Steve Loughran commented on HADOOP-11117:
-----------------------------------------

With better catch and forward
{code}
java.io.IOException: Login failure for zookeeper/localhost from keytab 
/target/kdc/zookeeper.keytab
        at 
org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:389)
        at org.apache.hadoop.security.User.<init>(User.java:48)
        at org.apache.hadoop.security.User.<init>(User.java:43)
        at 
org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:187)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
        at 
javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:596)
        at 
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1118)
        at 
org.apache.hadoop.yarn.registry.RegistryTestHelper.loginUGI(RegistryTestHelper.java:355)
        at 
org.apache.hadoop.yarn.registry.secure.TestSecureLogins.testUGILogin(TestSecureLogins.java:177)
{code}

> UGI HadoopLoginModule doesn't catch & wrap all kerberos-related exceptions
> --------------------------------------------------------------------------
>
>                 Key: HADOOP-11117
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11117
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.5.1
>            Reporter: Steve Loughran
>            Priority: Minor
>
> If something is failing with kerberos login, 
> {{UserGroupInformation.loginUserFromKeytabAndReturnUGI()}} should fail with 
> useful information. But not all exceptions from the inner code are caught and 
> converted to LoginException. Those exceptions that aren't wrapped have their 
> text and stack trace lost somewhere in the javax code, leaving on the text 
> "login failed" and a stack trace of no value whatsoever.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to