[jira] [Commented] (HDFS-14609) RBF: Security should use common AuthenticationFilter

[Takanobu Asanuma (Jira)]

    [ 
https://issues.apache.org/jira/browse/HDFS-14609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16928518#comment-16928518
 ] 

Takanobu Asanuma commented on HDFS-14609:
-----------------------------------------

[~zhangchen] Thanks for your hard work on this issue.

I ran the unit tests several times and sometimes saw the following error. This 
test may be flaky.
{noformat}
$ mvn test -Dtest=TestRouterHttpDelegationToken
...
[INFO] Running 
org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken
[ERROR] Tests run: 3, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 6.146 s 
<<< FAILURE! - in 
org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken
[ERROR] 
testGetDelegationToken(org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken)
  Time elapsed: 0.115 s  <<< ERROR!
org.apache.hadoop.service.ServiceStateException: 
org.apache.hadoop.security.KerberosAuthException: failure to login: for 
principal: router/localh...@example.com from keytab 
/.../hadoop/hadoop-hdfs-project/hadoop-hdfs-rbf/target/test/data/SecurityConfUtil/test.keytab
 javax.security.auth.login.LoginException: Integrity check on decrypted field 
failed (31) - PREAUTH_FAILED
        at 
org.apache.hadoop.service.ServiceStateException.convert(ServiceStateException.java:105)
        at 
org.apache.hadoop.service.AbstractService.init(AbstractService.java:173)
        at 
org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken.setup(TestRouterHttpDelegationToken.java:132)
{noformat}
The patch seems no problem, but I think {{SecurityConfUtil#initSecurity()}} has 
some problems.

> RBF: Security should use common AuthenticationFilter
> ----------------------------------------------------
>
>                 Key: HDFS-14609
>                 URL: https://issues.apache.org/jira/browse/HDFS-14609
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: CR Hota
>            Assignee: Chen Zhang
>            Priority: Major
>         Attachments: HDFS-14609.001.patch, HDFS-14609.002.patch, 
> HDFS-14609.003.patch, HDFS-14609.004.patch, HDFS-14609.005.patch, 
> HDFS-14609.006.patch
>
>
> We worked on router based federation security as part of HDFS-13532. We kept 
> it compatible with the way namenode works. However with HADOOP-16314 and 
> HDFS-16354 in trunk, auth filters seems to have been changed causing tests to 
> fail.
> Changes are needed appropriately in RBF, mainly fixing broken tests.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org