[jira] [Work logged] (KNOX-1162) Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration

Tue, 19 Feb 2019 07:28:40 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-1162?focusedWorklogId=200681&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-200681
 ]

ASF GitHub Bot logged work on KNOX-1162:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 19/Feb/19 15:27
            Start Date: 19/Feb/19 15:27
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on pull request #55: KNOX-1162 - 
Logging stacktrace for FATAL messages and displaying a meaningful error message 
in case of missing/non-parsable JAAS configuration
URL: https://github.com/apache/knox/pull/55#discussion_r258088484
 
 

 ##########
 File path: 
gateway-service-remoteconfig/src/test/java/org/apache/knox/gateway/service/config/remote/zk/RemoteConfigurationRegistryJAASConfigTest.java
 ##########
 @@ -36,6 +47,14 @@
 
 public class RemoteConfigurationRegistryJAASConfigTest {
 
+    @Rule
+    public final TemporaryFolder testFolder = new TemporaryFolder();
+
+    @Rule
+    public final ExpectedException expectedException = 
ExpectedException.none();
+
+    private static final String JAAS_CONFIG_ERRROR_PREFIX = "Error while 
getting secure configuration. This error usually indicates an issue within the 
supplied JAAS configuration";
 
 Review comment:
   Fixed; thanks!
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 200681)
    Time Spent: 3h 20m  (was: 3h 10m)

> Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration
> ----------------------------------------------------------------
>
>                 Key: KNOX-1162
>                 URL: https://issues.apache.org/jira/browse/KNOX-1162
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.14.0
>            Reporter: Kevin Minder
>            Assignee: Sandor Molnar
>            Priority: Minor
>             Fix For: 1.3.0
>
>          Time Spent: 3h 20m
>  Remaining Estimate: 0h
>
> When there is a misconfiguration in conf/krb5JAASLogin.conf the server fails 
> to start and the information in gateway.log isn't at all helpful.  So two 
> requests
> # Logging should indicate at a minimum what file contains the issue.
> # All fatal issues should log stack traces without requiring enabling debug 
> logging.
> This is the error shown in gateway.log
> {code}
> 2018-01-05 12:05:12,538 FATAL hadoop.gateway (GatewayServer.java:main(163)) - 
> Failed to start gateway: java.lang.SecurityException: java.io.IOException: 
> Configuration Error:
>         Line 7: expected [option key]
> {code}
> When you enabled debug logging you get somewhat better information.
> {code}
> 2018-01-05 15:55:54,087 FATAL hadoop.gateway (GatewayServer.java:main(163)) - 
> Failed to start gateway: java.lang.SecurityException: java.io.IOException: 
> Configuration Error:
>         Line 7: expected [option key]
> java.lang.SecurityException: java.io.IOException: Configuration Error:
>         Line 7: expected [option key]
>         at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
>         at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
> Method)
>         at 
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>         at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>         at java.lang.Class.newInstance(Class.java:442)
>         at 
> javax.security.auth.login.Configuration$2.run(Configuration.java:255)
>         at 
> javax.security.auth.login.Configuration$2.run(Configuration.java:247)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at 
> javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:52)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.configure(RemoteConfigurationRegistryJAASConfig.java:59)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:80)
>         at 
> org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:113)
>         at 
> org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:154)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at 
> org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
>         at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
>         at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99)
>         at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
>         at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
> Caused by: java.io.IOException: Configuration Error:
>         Line 7: expected [option key]
>         at 
> sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
>         at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572)
>         at 
> sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:477)
>         at 
> sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
>         at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
>         at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
>         at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
>         ... 24 more
> {code}
> Lastly the particular configuration error in conf/krb5JAASLogin.conf was 
> missing quotes for the keyTab and principal values.  Note, portions of the 
> principal have been scrubbed and replaced with tokens (e.g. <host-name>)
> {code}
> com.sun.security.jgss.initiate {
>     com.sun.security.auth.module.Krb5LoginModule required
>     renewTGT=true
>     doNotPrompt=true
>     useKeyTab=true
>     keyTab=/usr/hdp/current/knox-server/conf/knox.keytab
>     principal=knox/<host-name>@<realm-name>
>     isInitiator=true
>     storeKey=true
>     useTicketCache=true
>     client=true;
> };
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to