----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31292/#review73571 -----------------------------------------------------------
Ship it! ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java <https://reviews.apache.org/r/31292/#comment119969> is it valid for the admin credentials to be null? Seems that this should result in an exception being thrown. ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java <https://reviews.apache.org/r/31292/#comment119968> misleading error message. Should say something like, "Must specify either a password or a keytab but both are null" - John Speidel On Feb. 23, 2015, 2:09 a.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/31292/ > ----------------------------------------------------------- > > (Updated Feb. 23, 2015, 2:09 a.m.) > > > Review request for Ambari, John Speidel and Robert Nettleton. > > > Bugs: AMBARI-9742 > https://issues.apache.org/jira/browse/AMBARI-9742 > > > Repository: ambari > > > Description > ------- > > Note: I don't believe the below is specific to add host, but related to the > prompting and how the set admin cred works in case of a blank password. I hit > this during testing of add host though. > > - install cluster, kerberize > - add host (be sure to use a new browser so you know it will prompt for kerb > admin credentials) > - got to the review part of add host, click deploy > - prompted for admin creds (as expected) > - tried messing around by putting in bad creds and that seemed to work... > - expect when I put in the right admin cred principal name (admin/admin) but > a blank password. I was surprised it allowed me to click save (because the > password field was blank) > - so I click save, dialog disappears and I am cannot get it to re-prompt. > - this is what it PUT and the response was blank... > > ``` > [{"session_attributes":{"kerberos_admin":{"principal":"admin/admin","password":""}}}]: > Response Headersview source > ``` > > in ambari-server.log, nothing > > ``` > 17:58:05,860 INFO [qtp1257282095-603] AmbariManagementControllerImpl:1171 - > Received a updateCluster request, clusterId=2, clusterName=MyCluster, > securityType=null, request={ clusterName=MyCluster, clusterId=2, > provisioningState=null, securityType=null, stackVersion=HDP-2.2, > desired_scv=null, hosts=[] } > ``` > > - back in wizard doesn't solve it. had to completely exit wizard and ambari > web to start again > > The overall issue is how the credentials are being validated. If no password > is being set, the command to test the credentials when using a MIT KDC > generates the following command: > ``` > kadmin -p admin/admin -w "" -r EXAMPLE.COM -q 'get_principal admin/admin' > ``` > > The empty password (`-w ""`) in the command creates an interactive session > where the command is waiting for data on STDIN, thus hanging the process. > > An empty password should not cause the same behavior when using Active > Directory. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java > 9d41691 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java > f4551d2 > > Diff: https://reviews.apache.org/r/31292/diff/ > > > Testing > ------- > > Manually tested in cluster > > #Jenkins test results: > Running > org.apache.ambari.server.serveraction.kerberos.MITKerberosOperationHandlerTest > Tests run: 24, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.838 sec > > Running > org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest > Tests run: 24, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 1.131 sec > > Ambari server test suite > Tests run: 2734, Failures: 0, Errors: 0, Skipped: 15 > > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 01:07 h > [INFO] Finished at: 2015-02-23T01:58:43+00:00 > [INFO] Final Memory: 43M/473M > [INFO] > ------------------------------------------------------------------------ > > > Thanks, > > Robert Levas > >
