[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748312#comment-13748312 ] Tsz Wo (Nicholas), SZE commented on HADOOP-8855: Let me fix it as well; filed HADOOP-9899. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Fix For: 2.0.3-alpha > > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748292#comment-13748292 ] Tsz Wo (Nicholas), SZE commented on HADOOP-8855: > Think you mean to remove this debug statement ... Hi Eli/Todd, in branch-2, [KerberosAuthenticator|http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?annotate=1513688] somehow still has the debug statement. Could you fix it? Thank you in advance. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Fix For: 2.0.3-alpha > > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464748#comment-13464748 ] Hudson commented on HADOOP-8855: Integrated in Hadoop-Mapreduce-trunk #1209 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1209/]) HADOOP-8855. SSL-based image transfer does not work when Kerberos is disabled. Contributed by Todd Lipcon (Revision 1390841) Result = SUCCESS eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841 Files : * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Fix For: 2.0.3-alpha > > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464694#comment-13464694 ] Hudson commented on HADOOP-8855: Integrated in Hadoop-Hdfs-trunk #1178 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1178/]) HADOOP-8855. SSL-based image transfer does not work when Kerberos is disabled. Contributed by Todd Lipcon (Revision 1390841) Result = SUCCESS eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841 Files : * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Fix For: 2.0.3-alpha > > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464456#comment-13464456 ] Hudson commented on HADOOP-8855: Integrated in Hadoop-Hdfs-trunk-Commit #2842 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2842/]) HADOOP-8855. SSL-based image transfer does not work when Kerberos is disabled. Contributed by Todd Lipcon (Revision 1390841) Result = SUCCESS eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841 Files : * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Fix For: 2.0.3-alpha > > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464455#comment-13464455 ] Hudson commented on HADOOP-8855: Integrated in Hadoop-Mapreduce-trunk-Commit #2801 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2801/]) HADOOP-8855. SSL-based image transfer does not work when Kerberos is disabled. Contributed by Todd Lipcon (Revision 1390841) Result = FAILURE eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841 Files : * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Fix For: 2.0.3-alpha > > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464454#comment-13464454 ] Hudson commented on HADOOP-8855: Integrated in Hadoop-Common-trunk-Commit #2779 (See [https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2779/]) HADOOP-8855. SSL-based image transfer does not work when Kerberos is disabled. Contributed by Todd Lipcon (Revision 1390841) Result = SUCCESS eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841 Files : * /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt * /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Fix For: 2.0.3-alpha > > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464447#comment-13464447 ] Eli Collins commented on HADOOP-8855: - Todd confirmed offline the debug statement was unintentional, I'll remove it and commit. I filed HADOOP-8859 for the javadoc improvement. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464407#comment-13464407 ] Eli Collins commented on HADOOP-8855: - Test failures are unrelated. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464353#comment-13464353 ] Hadoop QA commented on HADOOP-8855: --- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12546754/hadoop-8855.txt against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.ha.TestZKFailoverController org.apache.hadoop.hdfs.server.namenode.metrics.TestNameNodeMetrics org.apache.hadoop.hdfs.TestPersistBlocks {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1534//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1534//console This message is automatically generated. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464261#comment-13464261 ] Andy Isaacson commented on HADOOP-8855: --- Further to the above, I've also verified that using the patched JAR, the 2NN is able to retrieve the fsimage from the NN with config {code} hadoop.ssl.enabled true ... hadoop.security.authorization false ... hadoop.security.authentication simple {code} Thanks for the fix, Todd. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464258#comment-13464258 ] Eli Collins commented on HADOOP-8855: - +1, patch and testing look good - modulo two small things: Nits: - openSecureHttpConnection javadoc shouldn't mention SPNEGO only since there are other authenticators - Think you mean to remove this debug statement {code} private void sendToken(byte[] outToken) throws IOException, AuthenticationException { +new Exception("sendToken").printStackTrace(System.out); {code} > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464217#comment-13464217 ] Andy Isaacson commented on HADOOP-8855: --- I tested Todd's patch on a cluster with various permutations of krb5 and SSL. With the patched JAR, all of my tests passed. - hadoop.security.authentication=kerberos hadoop.ssl.enabled=true: dfsadmin -fetchImage works. - hadoop.security.authentication=simple hadoop.ssl.enabled=true: fetchImage works. - hadoop.security.authentication=kerberos hadoop.ssl.enabled=false: fetchImage works. I also duplicated Todd's observation that {{dfsadmin -fetchImage}} does not work on krb5 without the doAs. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464198#comment-13464198 ] Todd Lipcon commented on HADOOP-8855: - Yes, I think so, but I don't have access to such a JDK. If you have one, do you have time to test? > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464180#comment-13464180 ] Devaraj Das commented on HADOOP-8855: - Good find! [~tlipcon], quick question - this patch will work even on JDKs that have no inherent support for SPNEGO, right? > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464174#comment-13464174 ] Hadoop QA commented on HADOOP-8855: --- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12546744/hadoop-8855.txt against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color:red}-1 javac{color:red}. The patch appears to cause the build to fail. Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1531//console This message is automatically generated. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464087#comment-13464087 ] Hadoop QA commented on HADOOP-8855: --- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12546727/hadoop-8855.txt against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 core tests{color}. The patch passed unit tests in hadoop-common-project/hadoop-common. {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1530//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1530//console This message is automatically generated. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464082#comment-13464082 ] Todd Lipcon commented on HADOOP-8855: - I'm trying to test this and it doesn't seem to entirely fix the issue... will report back with more when I know. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464077#comment-13464077 ] Andy Isaacson commented on HADOOP-8855: --- LGTM. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464075#comment-13464075 ] Eli Collins commented on HADOOP-8855: - Sorry - forgot to mention, we should update the javadoc for openSecureHttpConnection to remove the mention of SPNEGO as this method is independent of Kerb and SPNEGO. > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464070#comment-13464070 ] Eli Collins commented on HADOOP-8855: - +1 lgtm (I just filed HADOOP-8856 for the same, will close that). > SSL-based image transfer does not work when Kerberos is disabled > > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 3.0.0, 2.0.2-alpha >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Minor > Attachments: hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira