[jira] [Commented] (HDFS-2368) defaults created for web keytab and principal, these properties should not have defaults

Arpit Gupta (Commented) (JIRA) Mon, 26 Sep 2011 16:59:39 -0700

    [ 
https://issues.apache.org/jira/browse/HDFS-2368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13115047#comment-13115047
 ]


Arpit Gupta commented on HDFS-2368:
-----------------------------------

currently because of these defaults the namenode tries to log in and fails

2011-09-26 21:29:14,532 WARN org.mortbay.log: Failed startup of context 
org.mortbay.jetty.webapp.WebAppContext@1b5a5cf{/,file:/hadoop-0.20.205.0/webapps/hdfs}
javax.servlet.ServletException: javax.servlet.ServletException: Keytab does not 
exist: /homes/user/dfs.web.keytab
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:180)
        at 
org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:146)
        at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
        at 
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at 
org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
        at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
        at 
org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
        at 
org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
        at 
org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
        at 
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at 
org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
        at 
org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
        at 
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at 
org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
        at org.mortbay.jetty.Server.doStart(Server.java:224)
        at 
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at org.apache.hadoop.http.HttpServer.start(HttpServer.java:617)
        at 
org.apache.hadoop.hdfs.server.namenode.NameNode$1.run(NameNode.java:421)
        at 
org.apache.hadoop.hdfs.server.namenode.NameNode$1.run(NameNode.java:351)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:396)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1059)
        at 
org.apache.hadoop.hdfs.server.namenode.NameNode.startHttpServer(NameNode.java:351)
        at 
org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:303)
        at 
org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:472)
        at 
org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1243)
        at 
org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1252)
Caused by: javax.servlet.ServletException: Keytab does not exist: 
/homes/hrt_hdfs/dfs.web.keytab
        at 
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:151)



We should not have these properties as defaults but expect the user to 
explicitly set them when they enable webhdfs. Also should the NN start should 
fail if this happens. Currently when the nn principal login fails the namenode 
fails to start. We should implement the same for this.
                
> defaults created for web keytab and principal, these properties should not 
> have defaults
> ----------------------------------------------------------------------------------------
>
>                 Key: HDFS-2368
>                 URL: https://issues.apache.org/jira/browse/HDFS-2368
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 0.20.205.0
>            Reporter: Arpit Gupta
>            Assignee: Tsz Wo (Nicholas), SZE
>
> the following defaults are set in hdfs-defaults.xml
> <property>
>   <name>dfs.web.authentication.kerberos.principal</name>
>   <value>HTTP/${dfs.web.hostname}@${kerberos.realm}</value>
>   <description>
>     The HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
>     The HTTP Kerberos principal MUST start with 'HTTP/' per Kerberos
>     HTTP SPENGO specification.
>   </description>
> </property>
> <property>
>   <name>dfs.web.authentication.kerberos.keytab</name>
>   <value>${user.home}/dfs.web.keytab</value>
>   <description>
>     The Kerberos keytab file with the credentials for the
>     HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
>   </description>
> </property>
> These properties should not have defaults

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HDFS-2368) defaults created for web keytab and principal, these properties should not have defaults

Reply via email to