[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2013-08-22 Thread Tsz Wo (Nicholas), SZE (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748312#comment-13748312
 ] 

Tsz Wo (Nicholas), SZE commented on HADOOP-8855:


Let me fix it as well; filed HADOOP-9899.

> SSL-based image transfer does not work when Kerberos is disabled
> 
>
> Key: HADOOP-8855
> URL: https://issues.apache.org/jira/browse/HADOOP-8855
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 3.0.0, 2.0.2-alpha
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Minor
> Fix For: 2.0.3-alpha
>
> Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt
>
>
> In SecurityUtil.openSecureHttpConnection, we first check 
> {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the 
> kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we 
> should check {{HttpConfig.isSecure()}}.
> Credit to Wing Yew Poon for discovering this bug

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
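
An added sketch (not code from the Hadoop project or from this thread) of how an operator might audit a `core-site.xml` for the combination the issue describes: `hadoop.ssl.enabled` on while Kerberos is off. The two gate functions are simplified models of the check before and after the patch; the post-patch condition (SSL or Kerberos) is an assumption chosen to agree with the combinations reported working in this thread, and the defaults applied to unset keys are assumptions as well.

```python
import xml.etree.ElementTree as ET

# Constructed sample: SSL enabled, simple (non-Kerberos) authentication.
SAMPLE_CORE_SITE = """<configuration>
  <property><name>hadoop.ssl.enabled</name><value>true</value></property>
  <property><name>hadoop.security.authorization</name><value>false</value></property>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
</configuration>"""

# Assumed defaults for keys that are absent from the file.
DEFAULTS = {
    "hadoop.ssl.enabled": "false",
    "hadoop.security.authentication": "simple",
}


def load_properties(xml_text):
    """Return {name: value} from Hadoop-style <property> elements."""
    props = dict(DEFAULTS)
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.findtext("name")
        value = prop.findtext("value")
        if name is not None and value is not None:
            props[name.strip()] = value.strip()
    return props


def kerberos_enabled(props):
    # Model of UserGroupInformation.isSecurityEnabled(): Kerberos config only.
    return props["hadoop.security.authentication"].lower() == "kerberos"


def ssl_enabled(props):
    # Model of HttpConfig.isSecure(): driven by hadoop.ssl.enabled.
    return props["hadoop.ssl.enabled"].lower() == "true"


def gate_before(props):
    """Pre-patch model: the secure connection path is taken only with Kerberos."""
    return kerberos_enabled(props)


def gate_after(props):
    """Post-patch model (assumption): either setting selects the secure path."""
    return ssl_enabled(props) or kerberos_enabled(props)


def assess(props):
    """Report whether a configuration hits the SSL-without-Kerberos case."""
    ssl = ssl_enabled(props)
    krb = kerberos_enabled(props)
    affected = ssl and not gate_before(props)
    return {
        "ssl": ssl,
        "kerberos": krb,
        "secure_path_before": gate_before(props),
        "secure_path_after": gate_after(props),
        "affected": affected,
        "covered_after": affected and gate_after(props),
    }


def affected_combinations():
    """Walk all four auth/SSL combinations and list the ones the bug hits."""
    hits = []
    for auth in ("simple", "kerberos"):
        for ssl in (False, True):
            props = {
                "hadoop.security.authentication": auth,
                "hadoop.ssl.enabled": str(ssl).lower(),
            }
            if assess(props)["affected"]:
                hits.append((auth, ssl))
    return hits


if __name__ == "__main__":
    print(assess(load_properties(SAMPLE_CORE_SITE)))
    print(affected_combinations())
```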


[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2013-08-22 Thread Tsz Wo (Nicholas), SZE (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748292#comment-13748292
 ] 

Tsz Wo (Nicholas), SZE commented on HADOOP-8855:


> Think you mean to remove this debug statement ...

Hi Eli/Todd, in branch-2, 
[KerberosAuthenticator|http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?annotate=1513688]
 somehow still has the debug statement.  Could you fix it?  Thank you in 
advance.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-27 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464748#comment-13464748
 ] 

Hudson commented on HADOOP-8855:


Integrated in Hadoop-Mapreduce-trunk #1209 (See 
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1209/])
HADOOP-8855. SSL-based image transfer does not work when Kerberos is 
disabled. Contributed by Todd Lipcon (Revision 1390841)

 Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841
Files : 
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java




[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-27 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464694#comment-13464694
 ] 

Hudson commented on HADOOP-8855:


Integrated in Hadoop-Hdfs-trunk #1178 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1178/])
HADOOP-8855. SSL-based image transfer does not work when Kerberos is 
disabled. Contributed by Todd Lipcon (Revision 1390841)

 Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841
Files : 
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java




[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464456#comment-13464456
 ] 

Hudson commented on HADOOP-8855:


Integrated in Hadoop-Hdfs-trunk-Commit #2842 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2842/])
HADOOP-8855. SSL-based image transfer does not work when Kerberos is 
disabled. Contributed by Todd Lipcon (Revision 1390841)

 Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841
Files : 
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java




[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464455#comment-13464455
 ] 

Hudson commented on HADOOP-8855:


Integrated in Hadoop-Mapreduce-trunk-Commit #2801 (See 
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2801/])
HADOOP-8855. SSL-based image transfer does not work when Kerberos is 
disabled. Contributed by Todd Lipcon (Revision 1390841)

 Result = FAILURE
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841
Files : 
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java




[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464454#comment-13464454
 ] 

Hudson commented on HADOOP-8855:


Integrated in Hadoop-Common-trunk-Commit #2779 (See 
[https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2779/])
HADOOP-8855. SSL-based image transfer does not work when Kerberos is 
disabled. Contributed by Todd Lipcon (Revision 1390841)

 Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1390841
Files : 
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java




[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464447#comment-13464447
 ] 

Eli Collins commented on HADOOP-8855:
-

Todd confirmed offline the debug statement was unintentional, I'll remove it 
and commit. I filed HADOOP-8859 for the javadoc improvement.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464407#comment-13464407
 ] 

Eli Collins commented on HADOOP-8855:
-

Test failures are unrelated.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464353#comment-13464353
 ] 

Hadoop QA commented on HADOOP-8855:
---

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12546754/hadoop-8855.txt
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:red}-1 tests included{color}.  The patch doesn't appear to include 
any new or modified tests.
Please justify why no new tests are needed for this 
patch.
Also please list what manual steps were performed to 
verify this patch.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:red}-1 core tests{color}.  The patch failed these unit tests in 
hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common 
hadoop-hdfs-project/hadoop-hdfs:

  org.apache.hadoop.ha.TestZKFailoverController
  
org.apache.hadoop.hdfs.server.namenode.metrics.TestNameNodeMetrics
  org.apache.hadoop.hdfs.TestPersistBlocks

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/1534//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/1534//console

This message is automatically generated.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Andy Isaacson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464261#comment-13464261
 ] 

Andy Isaacson commented on HADOOP-8855:
---

Further to the above, I've also verified that using the patched JAR, the 2NN is 
able to retrieve the fsimage from the NN with config
{code}
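<property>
  <name>hadoop.ssl.enabled</name>
  <value>true</value>
</property>
...
<property>
  <name>hadoop.security.authorization</name>
  <value>false</value>
</property>
...
<property>
  <name>hadoop.security.authentication</name>
  <value>simple</value>
</property>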
{code}

Thanks for the fix, Todd.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464258#comment-13464258
 ] 

Eli Collins commented on HADOOP-8855:
-

+1, patch and testing look good - modulo two small things:

Nits:
- openSecureHttpConnection javadoc shouldn't mention SPNEGO only since there 
are other authenticators
- Think you mean to remove this debug statement
{code}
   private void sendToken(byte[] outToken) throws IOException, 
AuthenticationException {
+new Exception("sendToken").printStackTrace(System.out);
{code}
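
Review bot: the added `new Exception("sendToken").printStackTrace(System.out);` at the top of `sendToken` is a leftover debugging aid and should be dropped before commit. It writes a full stack trace to standard output every time the method runs and bypasses the logging framework, so it cannot be filtered or turned off by configuration. If the call trace is worth keeping, emit it through a logger at debug level instead.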



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Andy Isaacson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464217#comment-13464217
 ] 

Andy Isaacson commented on HADOOP-8855:
---

I tested Todd's patch on a cluster with various permutations of krb5 and SSL. 
With the patched JAR, all of my tests passed.
- hadoop.security.authentication=kerberos hadoop.ssl.enabled=true: dfsadmin 
-fetchImage works.
- hadoop.security.authentication=simple hadoop.ssl.enabled=true: fetchImage 
works.
- hadoop.security.authentication=kerberos hadoop.ssl.enabled=false: fetchImage 
works.

I also duplicated Todd's observation that {{dfsadmin -fetchImage}} does not 
work on krb5 without the doAs.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Todd Lipcon (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464198#comment-13464198
 ] 

Todd Lipcon commented on HADOOP-8855:
-

Yes, I think so, but I don't have access to such a JDK. If you have one, do you 
have time to test?



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Devaraj Das (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464180#comment-13464180
 ] 

Devaraj Das commented on HADOOP-8855:
-

Good find! [~tlipcon], quick question - this patch will work even on JDKs that 
have no inherent support for SPNEGO, right?



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464174#comment-13464174
 ] 

Hadoop QA commented on HADOOP-8855:
---

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12546744/hadoop-8855.txt
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:red}-1 tests included{color}.  The patch doesn't appear to include 
any new or modified tests.
Please justify why no new tests are needed for this 
patch.
Also please list what manual steps were performed to 
verify this patch.

{color:red}-1 javac{color:red}.  The patch appears to cause the build to 
fail.

Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/1531//console

This message is automatically generated.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464087#comment-13464087
 ] 

Hadoop QA commented on HADOOP-8855:
---

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12546727/hadoop-8855.txt
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:red}-1 tests included{color}.  The patch doesn't appear to include 
any new or modified tests.
Please justify why no new tests are needed for this 
patch.
Also please list what manual steps were performed to 
verify this patch.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 core tests{color}.  The patch passed unit tests in 
hadoop-common-project/hadoop-common.

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/1530//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-HADOOP-Build/1530//console

This message is automatically generated.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Todd Lipcon (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464082#comment-13464082
 ] 

Todd Lipcon commented on HADOOP-8855:
-

I'm trying to test this and it doesn't seem to entirely fix the issue... will 
report back with more when I know.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Andy Isaacson (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464077#comment-13464077
 ] 

Andy Isaacson commented on HADOOP-8855:
---

LGTM.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464075#comment-13464075
 ] 

Eli Collins commented on HADOOP-8855:
-

Sorry - forgot to mention, we should update the javadoc for 
openSecureHttpConnection to remove the mention of SPNEGO as this method is 
independent of Kerb and SPNEGO.



[jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled

2012-09-26 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464070#comment-13464070
 ] 

Eli Collins commented on HADOOP-8855:
-

+1 lgtm (I just filed HADOOP-8856 for the same, will close that).
