Guanghao Zhang created PHOENIX-5904:
---------------------------------------

             Summary: Add log if the configed kerberos principal login failed
                 Key: PHOENIX-5904
                 URL: https://issues.apache.org/jira/browse/PHOENIX-5904
             Project: Phoenix
          Issue Type: Improvement
          Components: queryserver
            Reporter: Guanghao Zhang


{code:java}
SecurityUtil.login(getConf(),
    QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
    QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
LOG.info("Login successful.");
{code}
But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled returns false.

 
{code:java}
public static void login(final Configuration conf,
    final String keytabFileKey, final String userNameKey, String hostname)
    throws IOException {
  
  if(!UserGroupInformation.isSecurityEnabled()) 
    return;
  
  String keytabFilename = conf.get(keytabFileKey);
  if (keytabFilename == null || keytabFilename.length() == 0) {
    throw new IOException("Running in secure mode, but config doesn't have a keytab");
  }

  String principalConfig = conf.get(userNameKey, System
      .getProperty("user.name"));
  String principalName = SecurityUtil.getServerPrincipal(principalConfig,
      hostname);
  UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
}
{code}
UserGroupInformation.isSecurityEnabled is configured by *hadoop.security.authentication*. But the documentation only said we need to configure *hbase.security.authentication*. So, I thought we need to add documentation about this, too.

 

QueryServer doc: [https://phoenix.apache.org/server.html]



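One way to make the skipped login visible, as an added example that is not part of the original report or of Phoenix's code. The class and method names are hypothetical, and SLF4J plus hadoop-common on the classpath are assumed.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical helper (not Phoenix code): report what SecurityUtil.login() actually did. */
public final class KerberosLoginCheck {
  private static final Logger LOG = LoggerFactory.getLogger(KerberosLoginCheck.class);

  private KerberosLoginCheck() {}

  /** Returns true only if a keytab login ran and the login user holds Kerberos credentials. */
  public static boolean loginAndVerify(Configuration conf, String keytabKey,
      String principalKey, String hostname) throws IOException {
    if (!UserGroupInformation.isSecurityEnabled()) {
      // SecurityUtil.login() returns without doing anything in this state,
      // so say so instead of logging "Login successful."
      String hadoopAuth = conf.get("hadoop.security.authentication", "simple");
      String hbaseAuth = conf.get("hbase.security.authentication", "simple");
      boolean kerberosExpected = "kerberos".equalsIgnoreCase(hbaseAuth)
          || conf.get(keytabKey) != null;
      if (kerberosExpected) {
        LOG.warn("Kerberos login skipped: hadoop.security.authentication={} "
            + "(hbase.security.authentication={}, {} is {}). "
            + "Set hadoop.security.authentication=kerberos to enable the login.",
            hadoopAuth, hbaseAuth, keytabKey,
            conf.get(keytabKey) != null ? "set" : "unset");
      } else {
        LOG.info("Hadoop security is disabled; no Kerberos login attempted.");
      }
      return false;
    }

    // Throws IOException if the keytab is missing or the login fails.
    SecurityUtil.login(conf, keytabKey, principalKey, hostname);

    // Confirm the process-wide login user really carries Kerberos credentials.
    UserGroupInformation user = UserGroupInformation.getLoginUser();
    if (!user.hasKerberosCredentials()) {
      LOG.error("Login returned but user {} has no Kerberos credentials.",
          user.getUserName());
      return false;
    }
    LOG.info("Kerberos login successful as {}.", user.getUserName());
    return true;
  }
}
```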