[
https://issues.apache.org/jira/browse/HADOOP-10786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14202588#comment-14202588
]
Hadoop QA commented on HADOOP-10786:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12680235/HADOOP-10786.3.patch
against trunk revision 2ac1be7.
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-common-project/hadoop-common:
org.apache.hadoop.metrics2.impl.TestMetricsSystemImpl
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/5046//testReport/
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/5046//console
This message is automatically generated.
> Patch that fixes UGI#reloginFromKeytab on java 8
> ------------------------------------------------
>
> Key: HADOOP-10786
> URL: https://issues.apache.org/jira/browse/HADOOP-10786
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.6.0
> Reporter: Tobi Vollebregt
> Assignee: Stephen Chu
> Attachments: HADOOP-10786.2.patch, HADOOP-10786.3.patch,
> HADOOP-10786.3.patch, HADOOP-10786.patch
>
>
> Krb5LoginModule changed subtly in java 8: in particular, if useKeyTab and
> storeKey are specified, then only a KeyTab object is added to the Subject's
> private credentials, whereas in java <= 7 both a KeyTab and some number of
> KerberosKey objects were added.
> The UGI constructor checks whether or not a keytab was used to login by
> looking if there are any KerberosKey objects in the Subject's private
> credentials. If there are, then isKeyTab is set to true, and otherwise it's
> set to false.
> Thus, in java 8 isKeyTab is always false given the current UGI
> implementation, which makes UGI#reloginFromKeytab fail silently.
> Attached patch will check for a KeyTab object on the Subject, instead of a
> KerberosKey object. This fixes relogins from kerberos keytabs on Oracle java
> 8, and works on Oracle java 7 as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
