[
https://issues.apache.org/jira/browse/AMBARI-14702?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-14702:
----------------------------------
Attachment: AMBARI-14702_trunk_01.patch
AMBARI-14702_branch-2.2_01.patch
> disabling kerberos does not remove auth to local rules
> ------------------------------------------------------
>
> Key: AMBARI-14702
> URL: https://issues.apache.org/jira/browse/AMBARI-14702
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.2.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos
> Fix For: 2.2.2
>
> Attachments: AMBARI-14702_branch-2.2_01.patch,
> AMBARI-14702_trunk_01.patch
>
>
> After disabling Kerberos to fix a user generated issue with a principal name
> pattern, the auth-to-local mapping(s) were not removed and thus not _fixing_
> the issues that were caused:
> {noformat:title=Invalid hadoop.security.auth_to_local value}
> <property>
> <name>hadoop.security.auth_to_local</name>
> <value>RULE:[1:$1@$0](${hbase_user}@EXAMPLE.COM)s/.*/hbase/
> RULE:[1:$1@$0](${hdfs_user}@EXAMPLE.COM)s/.*/hdfs/
> RULE:[1:$1@$0](${smokeuser}@EXAMPLE.COM)s/.*/ambari-qa/
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[2:$1@$0]([email protected])s/.*/ams/
> RULE:[2:$1@$0]([email protected])s/.*/ams/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/hbase/
> RULE:[2:$1@$0]([email protected])s/.*/hive/
> RULE:[2:$1@$0]([email protected])s/.*/mapred/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> RULE:[2:$1@$0]([email protected])s/.*/hdfs/
> RULE:[2:$1@$0]([email protected])s/.*/oozie/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> RULE:[2:$1@$0]([email protected])s/.*/yarn/
> DEFAULT</value>
> </property>
> {noformat}
> {noformat:title=Errors in log}
> 2016-01-13 21:51:17,825 FATAL datanode.DataNode
> (DataNode.java:secureMain(2429)) - Exception in secureMain
> java.util.regex.PatternSyntaxException: Illegal repetition near index 0
> ${hbase_user}@EXAMPLE.COM
> ^
> at java.util.regex.Pattern.error(Pattern.java:1924)
> at java.util.regex.Pattern.closure(Pattern.java:3104)
> at java.util.regex.Pattern.sequence(Pattern.java:2101)
> at java.util.regex.Pattern.expr(Pattern.java:1964)
> at java.util.regex.Pattern.compile(Pattern.java:1665)
> at java.util.regex.Pattern.<init>(Pattern.java:1337)
> at java.util.regex.Pattern.compile(Pattern.java:1022)
> at
> org.apache.hadoop.security.authentication.util.KerberosName$Rule.<init>(KerberosName.java:193)
> at
> org.apache.hadoop.security.authentication.util.KerberosName.parseRules(KerberosName.java:336)
> at
> org.apache.hadoop.security.authentication.util.KerberosName.setRules(KerberosName.java:397)
> at
> org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:75)
> at
> org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:275)
> at
> org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:311)
> at
> org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:2192)
> at
> org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:2242)
> at
> org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:2422)
> at
> org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:2446)
> 2016-01-13 21:51:17,830 INFO util.ExitUtil (ExitUtil.java:terminate(124)) -
> Exiting with status 1
> 2016-01-13 21:51:17,832 INFO datanode.DataNode (LogAdapter.java:info(45)) -
> SHUTDOWN_MSG:
> /************************************************************
> {noformat}
> The auth-to-local mappings should be removed when Kerberos is disabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
