[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias
[ https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Risden updated KNOX-745:
    Fix Version/s: (was: 1.2.0)

> KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias
>
>                 Key: KNOX-745
>                 URL: https://issues.apache.org/jira/browse/KNOX-745
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxCLI
>    Affects Versions: 0.10.0
>         Environment: centos6
>            Reporter: Vipin Rathor
>            Priority: Minor
>
> When a system password alias is used instead of a plain-text password in the Knox topology, the knoxcli system-user-auth-test and user-auth-test fail to authenticate.
> The issue can be reproduced easily by following these steps:
> Steps to reproduce:
> 1. Specify these three properties in the topology (say sandbox.xml)
> {code:java}
> <param>
>   <name>main.ldapRealm.authorizationEnabled</name>
>   <value>true</value>
> </param>
> <param>
>   <name>main.ldapRealm.contextFactory.systemUsername</name>
>   <value>uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</value>
> </param>
> <param>
>   <name>main.ldapRealm.contextFactory.systemPassword</name>
>   <value>${ALIAS=ldapsystempassword}</value>
> </param>
> {code}
> 2. Save and restart the Knox gateway service
> 3. Create password alias:
> bin/knoxcli.sh create-alias ldapsystempassword --value 'admin-password' --cluster sandbox
> 4. Both of the commands below would fail:
> {code:java}
> bin/knoxcli.sh system-user-auth-test --cluster sandbox --d
> org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=people,dc=hadoop,dc=apache,dc=org]
> org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.
>   at org.apache.shiro.realm.ldap.JndiLdapRealm.doGetAuthenticationInfo(JndiLdapRealm.java:300)
>   at org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.doGetAuthenticationInfo(KnoxLdapRealm.java:193)
>   at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
>   at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
>   at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
>   at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
>   at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
>   at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
>   at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
>   at org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.authenticateUser(KnoxCLI.java:1069)
>   at org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.testSysBind(KnoxCLI.java:1171)
>   at org.apache.hadoop.gateway.util.KnoxCLI$LDAPSysBindCommand.execute(KnoxCLI.java:1478)
>   at org.apache.hadoop.gateway.util.KnoxCLI.run(KnoxCLI.java:138)
>   at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
>   at org.apache.hadoop.gateway.util.KnoxCLI.main(KnoxCLI.java:1675)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
>   at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
>   at org.apache.hadoop.gateway.launcher.Command.run(Command.java:101)
>   at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
>   at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=people,dc=hadoop,dc=apache,dc=org]
>   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3088)
>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3034)
>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2836)
>   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2750)
>   at com.sun.jndi.ldap.LdapCtx.(LdapC
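
An added example (not part of the issue and not Knox code): a small Python audit that reads a topology file and reports, for every password-like param, whether its value is an `${ALIAS=...}` reference like the one in the report or a plaintext secret. The sample topology, the `main.otherRealm` param and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample topology. The ldapRealm params mirror the three from the
# report; main.otherRealm and its plaintext value are made up for contrast.
SAMPLE_TOPOLOGY = """<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param>
        <name>main.ldapRealm.authorizationEnabled</name>
        <value>true</value>
      </param>
      <param>
        <name>main.ldapRealm.contextFactory.systemUsername</name>
        <value>uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</value>
      </param>
      <param>
        <name>main.ldapRealm.contextFactory.systemPassword</name>
        <value>${ALIAS=ldapsystempassword}</value>
      </param>
      <param>
        <name>main.otherRealm.contextFactory.systemPassword</name>
        <value>example-plaintext</value>
      </param>
    </provider>
  </gateway>
</topology>"""

# A value that is exactly one alias reference, e.g. ${ALIAS=ldapsystempassword}.
ALIAS_RE = re.compile(r"^\$\{ALIAS=([^}]+)\}$")
# Heuristic (an assumption of this example): any param whose name mentions
# "password" holds a secret.
SECRET_NAME_RE = re.compile(r"password", re.IGNORECASE)


def audit_topology(xml_text):
    """Return (param_name, kind, alias_name) for every password-like param.

    kind is "alias", "plaintext" or "empty". The secret value itself is
    never returned, so the findings are safe to log.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for param in root.iter("param"):
        name = (param.findtext("name") or "").strip()
        value = (param.findtext("value") or "").strip()
        if not SECRET_NAME_RE.search(name):
            continue
        match = ALIAS_RE.match(value)
        if match:
            findings.append((name, "alias", match.group(1)))
        elif not value:
            findings.append((name, "empty", None))
        else:
            findings.append((name, "plaintext", None))
    return findings


def system_password_aliases(findings):
    """Alias names used for contextFactory.systemPassword params."""
    return [alias for name, kind, alias in findings
            if kind == "alias" and name.endswith("contextFactory.systemPassword")]


if __name__ == "__main__":
    for name, kind, alias in audit_topology(SAMPLE_TOPOLOGY):
        detail = f" -> alias '{alias}'" if alias else ""
        print(f"{kind:9} {name}{detail}")
```

Topologies that show up in `system_password_aliases` are the ones where, per this report, the two KnoxCLI auth tests fail on 0.10.0; `plaintext` findings mark secrets still stored in the topology file itself.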
[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias
[ https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Phil Zampino updated KNOX-745:
    Fix Version/s: (was: 1.1.0) 1.2.0
[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias
[ https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-745:
    Fix Version/s: (was: 0.15.0) 1.1.0
[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias
[ https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-745:
    Fix Version/s: (was: 0.14.0) 0.15.0
[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias
[ https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-745:
    Fix Version/s: 0.14.0
[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias
[ https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vipin Rathor updated KNOX-745:
    Summary: KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias (was: KnoxCLI system-user-auth and user-auth doesn't work with system password alias)