[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2018-11-07 Thread Kevin Risden (JIRA)


 [ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden updated KNOX-745:
--
Fix Version/s: (was: 1.2.0)

> KnoxCLI system-user-auth-test and user-auth-test doesn't work with system 
> password alias
> 
>
> Key: KNOX-745
> URL: https://issues.apache.org/jira/browse/KNOX-745
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxCLI
> Affects Versions: 0.10.0
> Environment: centos6
> Reporter: Vipin Rathor
> Priority: Minor
>
> When system password alias is used instead of plain text password in Knox 
> topology, the knoxcli system-user-auth-test and user-auth-test fail to 
> authenticate.
> Issue can be reproduced easily by following these steps:
> Steps to reproduce:
> 1. Specify these three properties in topology (say sandbox.xml)
> {code:java}
> <param>
>   <name>main.ldapRealm.authorizationEnabled</name>
>   <value>true</value>
> </param>
> <param>
>   <name>main.ldapRealm.contextFactory.systemUsername</name>
>   <value>uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</value>
> </param>
> <param>
>   <name>main.ldapRealm.contextFactory.systemPassword</name>
>   <value>${ALIAS=ldapsystempassword}</value>
> </param>
> {code}
> 2. Save and restart the Knox gateway service
> 3. Create password alias:
> bin/knoxcli.sh create-alias ldapsystempassword --value 'admin-password' --cluster sandbox
> 4. Both of the commands below would fail:
> {code:java}
> bin/knoxcli.sh system-user-auth-test --cluster sandbox --d
> org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=people,dc=hadoop,dc=apache,dc=org]
> org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.
>   at org.apache.shiro.realm.ldap.JndiLdapRealm.doGetAuthenticationInfo(JndiLdapRealm.java:300)
>   at org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.doGetAuthenticationInfo(KnoxLdapRealm.java:193)
>   at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
>   at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
>   at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
>   at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
>   at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
>   at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
>   at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
>   at org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.authenticateUser(KnoxCLI.java:1069)
>   at org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.testSysBind(KnoxCLI.java:1171)
>   at org.apache.hadoop.gateway.util.KnoxCLI$LDAPSysBindCommand.execute(KnoxCLI.java:1478)
>   at org.apache.hadoop.gateway.util.KnoxCLI.run(KnoxCLI.java:138)
>   at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
>   at org.apache.hadoop.gateway.util.KnoxCLI.main(KnoxCLI.java:1675)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
>   at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
>   at org.apache.hadoop.gateway.launcher.Command.run(Command.java:101)
>   at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
>   at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=people,dc=hadoop,dc=apache,dc=org]
>   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3088)
>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3034)
>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2836)
>   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2750)
>   at com.sun.jndi.ldap.LdapCtx.(LdapC
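
A topology audit for the configuration in the report above, added here as an example (it is not part of the JIRA thread or of the Knox code base): it finds password params in a topology, classifies each value as an `${ALIAS=...}` reference or plaintext without echoing the secret, and reports alias names that have not been created for the cluster. The `main.otherRealm` param, the function names and the sample topology are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample topology: the three params from the report plus one
# hypothetical plaintext password param (main.otherRealm) for contrast.
SAMPLE_TOPOLOGY = """<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param>
        <name>main.ldapRealm.authorizationEnabled</name>
        <value>true</value>
      </param>
      <param>
        <name>main.ldapRealm.contextFactory.systemUsername</name>
        <value>uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</value>
      </param>
      <param>
        <name>main.ldapRealm.contextFactory.systemPassword</name>
        <value>${ALIAS=ldapsystempassword}</value>
      </param>
      <param>
        <name>main.otherRealm.contextFactory.systemPassword</name>
        <value>admin-password</value>
      </param>
    </provider>
  </gateway>
</topology>"""

# A well-formed reference is exactly ${ALIAS=<name>} with nothing around it.
ALIAS_RE = re.compile(r"^\$\{ALIAS=([^}\s]+)\}$")


def audit_password_params(topology_xml):
    """Return one finding per <param> whose name ends in 'password'.

    Findings never contain the value itself, so the report is safe to log.
    """
    findings = []
    root = ET.fromstring(topology_xml)  # topology files are operator-controlled
    for param in root.iter("param"):
        name = (param.findtext("name") or "").strip()
        value = (param.findtext("value") or "").strip()
        if not name.lower().endswith("password"):
            continue
        match = ALIAS_RE.match(value)
        if match:
            kind, alias = "alias", match.group(1)
        elif value.startswith("${"):
            kind, alias = "malformed-alias", None  # e.g. missing closing brace
        elif not value:
            kind, alias = "empty", None
        else:
            kind, alias = "plaintext", None
        findings.append({"param": name, "kind": kind, "alias": alias})
    return findings


def missing_aliases(findings, known_aliases):
    """Alias names referenced by the topology but absent from known_aliases.

    known_aliases is whatever the operator has created for this cluster,
    for example with `knoxcli.sh create-alias ... --cluster sandbox`.
    """
    referenced = {f["alias"] for f in findings if f["kind"] == "alias"}
    return sorted(referenced - set(known_aliases))


if __name__ == "__main__":
    report = audit_password_params(SAMPLE_TOPOLOGY)
    for finding in report:
        print(finding)
    print("missing:", missing_aliases(report, known_aliases=[]))
```
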

[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2018-05-08 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-745:
--
Fix Version/s: (was: 1.1.0)
   1.2.0


[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2018-04-30 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-745:
-
Fix Version/s: (was: 0.15.0)
   1.1.0


[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2017-10-24 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-745:
-
Fix Version/s: (was: 0.14.0)
   0.15.0


[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2017-10-03 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-745:
-
Fix Version/s: 0.14.0


[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2016-08-23 Thread Vipin Rathor (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vipin Rathor updated KNOX-745:
--
Summary: KnoxCLI system-user-auth-test and user-auth-test doesn't work with 
system password alias  (was: KnoxCLI system-user-auth and user-auth doesn't 
work with system password alias)
