[jira] [Created] (HBASE-17827) Client tools relying on AuthUtil.getAuthChore() break credential cache login

Thu, 23 Mar 2017 12:04:12 -0700 

Gary Helmling created HBASE-17827:
-------------------------------------

             Summary: Client tools relying on AuthUtil.getAuthChore() break 
credential cache login
                 Key: HBASE-17827
                 URL: https://issues.apache.org/jira/browse/HBASE-17827
             Project: HBase
          Issue Type: Bug
          Components: canary, security
            Reporter: Gary Helmling
            Assignee: Gary Helmling


Client tools, such as Canary, which make use of keytab based logins with 
AuthUtil.getAuthChore() do not allow any way to continue without a keytab-based 
login when security is enabled.  Currently, when security is enabled and the 
configuration lacks {{hbase.client.keytab.file}}, these tools would fail with:

{noformat}
ERROR hbase.AuthUtil: Error while trying to perform the initial login: Running 
in secure mode, but config doesn't have a keytab
java.io.IOException: Running in secure mode, but config doesn't have a keytab
        at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:239)
        at 
org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:420)
        at org.apache.hadoop.hbase.security.User.login(User.java:258)
        at 
org.apache.hadoop.hbase.security.UserProvider.login(UserProvider.java:197)
        at org.apache.hadoop.hbase.AuthUtil.getAuthChore(AuthUtil.java:98)
        at org.apache.hadoop.hbase.tool.Canary.run(Canary.java:589)
        at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
        at org.apache.hadoop.hbase.tool.Canary.main(Canary.java:1327)
Exception in thread "main" java.io.IOException: Running in secure mode, but 
config doesn't have a keytab
        at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:239)
        at 
org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:420)
        at org.apache.hadoop.hbase.security.User.login(User.java:258)
        at 
org.apache.hadoop.hbase.security.UserProvider.login(UserProvider.java:197)
        at org.apache.hadoop.hbase.AuthUtil.getAuthChore(AuthUtil.java:98)
        at org.apache.hadoop.hbase.tool.Canary.run(Canary.java:589)
        at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
        at org.apache.hadoop.hbase.tool.Canary.main(Canary.java:1327)
{noformat}

These tools should still work with the default credential-cache login, at least 
when a client keytab is not configured.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to