[
https://issues.apache.org/jira/browse/PHOENIX-6908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth updated PHOENIX-6908:
---------------------------------
Component/s: queryserver
Affects Version/s: queryserver-6.0.1
> KerberosName$NoMatchingRule exception in
> QueryServer.PhoenixRemoteUserExtractor
> -------------------------------------------------------------------------------
>
> Key: PHOENIX-6908
> URL: https://issues.apache.org/jira/browse/PHOENIX-6908
> Project: Phoenix
> Issue Type: Bug
> Components: queryserver
> Affects Versions: queryserver-6.0.1
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
>
> This seems to be the same issue that [~richardantal] solved for the normal
> path in PHOENIX-6750.
> I am not totally convinced that Jetty stripping the realm is not a bug, but
> for now we can apply the same logic to strip the hostname as we do in the
> non-doAs path.
> java.lang.IllegalArgumentException: Illegal principal name
> knox/cod--xunuzpwiiog4-gateway0.rt174-na.ummd-fsio.int.cldr.work:
> org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule:
> No rules applied to
> knox/cod--xunuzpwiiog4-gateway0.rt174-na.ummd-fsio.int.cldr.work
> at org.apache.hadoop.security.User.<init>(User.java:51)
> at org.apache.hadoop.security.User.<init>(User.java:43)
> at
> org.apache.hadoop.security.UserGroupInformation.createRemoteUser(UserGroupInformation.java:1418)
> at
> org.apache.hadoop.security.UserGroupInformation.createRemoteUser(UserGroupInformation.java:1402)
> at
> org.apache.phoenix.queryserver.server.QueryServer$PhoenixRemoteUserExtractor.extract(QueryServer.java:554)
> at
> org.apache.calcite.avatica.server.AvaticaProtobufHandler.handle(AvaticaProtobufHandler.java:124)
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:560)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
