[
https://issues.apache.org/jira/browse/AMBARI-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910625#comment-13910625
]
Eugene Chekanskiy commented on AMBARI-4809:
-------------------------------------------
Added two separate configs: falcon-runtime-site and falcon-startup-site. This
will allow configuring Falcon in secure mode with simple auth or Kerberos.
Also we can add some custom properties to these configs. Patch under testing,
Falcon starts in Kerberos mode but throws the following exception when I try to run
"falcon version":
{noformat}
2014-02-24 17:28:12,769 Authentication exception: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)
org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)
    at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:360)
    at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:349)
    at org.apache.falcon.security.BasicAuthFilter.doFilter(BasicAuthFilter.java:194)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
    at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
    at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
    at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:327)
    at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:309)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:415)
    at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:309)
    ... 17 more
Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96
    at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:273)
    at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
    at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
    ... 28 more
{noformat}
> Allow Falcon to be configured with keytab/security and custom params
> --------------------------------------------------------------------
>
> Key: AMBARI-4809
> URL: https://issues.apache.org/jira/browse/AMBARI-4809
> Project: Ambari
> Issue Type: Bug
> Components: controller
> Affects Versions: 1.5.0
> Reporter: Eugene Chekanskiy
> Assignee: Eugene Chekanskiy
> Fix For: 1.5.0
>
> Attachments: AMBARI-4809.patch
>
>