[ https://issues.apache.org/jira/browse/ZOOKEEPER-2040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated ZOOKEEPER-2040:
--------------------------------------
    Attachment: ZOOKEEPER-2040-log-SASL-errors-001.patch

Adds the underlying exception.

Before
{code}
WARN  server.ZooKeeperServer (ZooKeeperServer.java:processSasl(969)) - Client failed to SASL authenticate: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)]
{code}

After

{code}
WARN  server.ZooKeeperServer (ZooKeeperServer.java:processSasl(969)) - Client failed to SASL authenticate: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)]
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)]
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:177)
        at org.apache.zookeeper.server.ZooKeeperSaslServer.evaluateResponse(ZooKeeperSaslServer.java:158)
        at org.apache.zookeeper.server.ZooKeeperServer.processSasl(ZooKeeperServer.java:961)
        at org.apache.zookeeper.server.ZooKeeperServer.processPacket(ZooKeeperServer.java:934)
        at org.apache.zookeeper.server.NIOServerCnxn.readRequest(NIOServerCnxn.java:373)
        at org.apache.zookeeper.server.NIOServerCnxn.readPayload(NIOServerCnxn.java:200)
        at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:244)
        at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
        at java.lang.Thread.run(Thread.java:745)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:155)
        ... 8 more
Caused by: KrbException: Checksum failed
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:102)
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:94)
        at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
        ... 11 more
Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451)
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:272)
        at sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:76)
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:100)
        ... 17 more
{code}

It may seem noisier, but it's the information needed to actually work out what 
the problem is; here, something AES-related.

> Server to log underlying cause of SASL connection problems
> ----------------------------------------------------------
>
>                 Key: ZOOKEEPER-2040
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2040
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.4.6
>            Reporter: Steve Loughran
>         Attachments: ZOOKEEPER-2040-log-SASL-errors-001.patch
>
>
> When you have SASL connectivity problems, you spend time staring at logs 
> —ideally logs with stack traces.
> ZK server can help here by including the stack traces when there is a SASL 
> auth problem, rather than just giving the text of the exception.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
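
Added example, not part of the original message or the attached patch: a stand-alone Java sketch of why a log line built from the exception text alone hides the root cause, while including the stack trace exposes the full `Caused by` chain. The class name, helper names and the constructed exception chain are assumptions; the JDK-internal `KrbException` layer seen in the trace above is omitted.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import javax.security.sasl.SaslException;
import org.ietf.jgss.GSSException;

// Hypothetical demo class; not ZooKeeper code.
public class SaslCauseLogging {

    // Constructed failure that mirrors the chain in the log above:
    // SaslException -> GSSException -> GeneralSecurityException.
    static SaslException constructedFailure() {
        GeneralSecurityException root = new GeneralSecurityException("Checksum failed");
        GSSException gss = new GSSException(GSSException.FAILURE, -1, "Checksum failed");
        gss.initCause(root);
        return new SaslException("GSS initiate failed", gss);
    }

    // "Before" style: only the exception text reaches the log. SaslException's
    // toString() appends its direct cause, but nothing below that level.
    static String messageOnly(Exception e) {
        return "Client failed to SASL authenticate: " + e;
    }

    // "After" style: same message followed by the stack trace, which carries
    // every "Caused by:" entry down to the root.
    static String withStackTrace(Exception e) {
        StringWriter sw = new StringWriter();
        e.printStackTrace(new PrintWriter(sw, true));
        return messageOnly(e) + System.lineSeparator() + sw;
    }

    // Walks getCause() to the deepest exception, the one to triage first.
    static Throwable rootCause(Throwable t) {
        while (t.getCause() != null && t.getCause() != t) {
            t = t.getCause();
        }
        return t;
    }

    public static void main(String[] args) {
        SaslException e = constructedFailure();
        System.out.println("--- message only ---");
        System.out.println(messageOnly(e));
        System.out.println("--- with stack trace ---");
        System.out.println(withStackTrace(e));
        System.out.println("--- root cause ---");
        System.out.println(rootCause(e));
    }
}
```

In the message-only output the `java.security.GeneralSecurityException` never appears; it shows up only in the variant that includes the stack trace.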