[ https://issues.apache.org/jira/browse/PHOENIX-5904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Istvan Toth resolved PHOENIX-5904. ---------------------------------- Resolution: Fixed Committed with a minor refactor. Thank you [~zghao] > Add log if the configed kerberos principal login failed > ------------------------------------------------------- > > Key: PHOENIX-5904 > URL: https://issues.apache.org/jira/browse/PHOENIX-5904 > Project: Phoenix > Issue Type: Improvement > Components: queryserver > Reporter: Guanghao Zhang > Assignee: Guanghao Zhang > Priority: Minor > Fix For: queryserver-1.0.0 > > Attachments: PHOENIX-5904.website.diff > > > {code:java} > SecurityUtil.login(getConf(), > QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB, > QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname); > LOG.info("Login successful."); > {code} > But SecurityUtil.login may return directly if > UserGroupInformation.isSecurityEnabled return false. > > {code:java} > public static void login(final Configuration conf, > final String keytabFileKey, final String userNameKey, String hostname) > throws IOException { > > if(!UserGroupInformation.isSecurityEnabled()) > return; > > String keytabFilename = conf.get(keytabFileKey); > if (keytabFilename == null || keytabFilename.length() == 0) { > throw new IOException("Running in secure mode, but config doesn't have a > keytab"); > } > String principalConfig = conf.get(userNameKey, System > .getProperty("user.name")); > String principalName = SecurityUtil.getServerPrincipal(principalConfig, > hostname); > UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename); > } > {code} > UserGroupInformation.isSecurityEnabled is configed by > *hadoop.security.authentication*. But the document only said need to config > *hbase.security.authentication*. So, I thought we need to add document about > this, too. > > QueryServer doc: [https://phoenix.apache.org/server.html] -- This message was sent by Atlassian Jira (v8.3.4#803005)