[jira] [Commented] (KNOX-1162) Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration

Tue, 19 Feb 2019 08:40:43 -0800 


    [ 
https://issues.apache.org/jira/browse/KNOX-1162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772094#comment-16772094
 ] 

ASF subversion and git services commented on KNOX-1162:
-------------------------------------------------------

Commit dac2f2e289ea4ca99afd37dadcfc623fdac19fb1 in knox's branch 
refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=dac2f2e ]

KNOX-1162 - Logging stacktrace for FATAL messages and displaying a meaningful 
error message in case of missing/non-parsable JAAS configuration (#55)




> Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration
> ----------------------------------------------------------------
>
>                 Key: KNOX-1162
>                 URL: https://issues.apache.org/jira/browse/KNOX-1162
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.14.0
>            Reporter: Kevin Minder
>            Assignee: Sandor Molnar
>            Priority: Minor
>             Fix For: 1.3.0
>
>          Time Spent: 3.5h
>  Remaining Estimate: 0h
>
> When there is a misconfiguration in conf/krb5JAASLogin.conf the server fails 
> to start and the information in gateway.log isn't at all helpful.  So two 
> requests
> # Logging should indicate at a minimum what file contains the issue.
> # All fatal issues should log stack traces without requiring enabling debug 
> logging.
> This is the error shown in gateway.log
> {code}
> 2018-01-05 12:05:12,538 FATAL hadoop.gateway (GatewayServer.java:main(163)) - 
> Failed to start gateway: java.lang.SecurityException: java.io.IOException: 
> Configuration Error:
>         Line 7: expected [option key]
> {code}
> When you enabled debug logging you get somewhat better information.
> {code}
> 2018-01-05 15:55:54,087 FATAL hadoop.gateway (GatewayServer.java:main(163)) - 
> Failed to start gateway: java.lang.SecurityException: java.io.IOException: 
> Configuration Error:
>         Line 7: expected [option key]
> java.lang.SecurityException: java.io.IOException: Configuration Error:
>         Line 7: expected [option key]
>         at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
>         at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
> Method)
>         at 
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>         at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>         at java.lang.Class.newInstance(Class.java:442)
>         at 
> javax.security.auth.login.Configuration$2.run(Configuration.java:255)
>         at 
> javax.security.auth.login.Configuration$2.run(Configuration.java:247)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at 
> javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:52)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.configure(RemoteConfigurationRegistryJAASConfig.java:59)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:80)
>         at 
> org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:113)
>         at 
> org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:154)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at 
> org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
>         at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
>         at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99)
>         at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
>         at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
> Caused by: java.io.IOException: Configuration Error:
>         Line 7: expected [option key]
>         at 
> sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
>         at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572)
>         at 
> sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:477)
>         at 
> sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
>         at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
>         at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
>         at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
>         ... 24 more
> {code}
> Lastly the particular configuration error in conf/krb5JAASLogin.conf was 
> missing quotes for the keyTab and principal values.  Note, portions of the 
> principal have been scrubbed and replaced with tokens (e.g. <host-name>)
> {code}
> com.sun.security.jgss.initiate {
>     com.sun.security.auth.module.Krb5LoginModule required
>     renewTGT=true
>     doNotPrompt=true
>     useKeyTab=true
>     keyTab=/usr/hdp/current/knox-server/conf/knox.keytab
>     principal=knox/<host-name>@<realm-name>
>     isInitiator=true
>     storeKey=true
>     useTicketCache=true
>     client=true;
> };
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to