[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119992#comment-16119992 ] Lantao Jin commented on HADOOP-14708: - Thanks [~jojochuang]. Maybe the [HDFS-3745|https://issues.apache.org/jira/browse/HDFS-3745] could fix my issue as well with this code: {code} - /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ + /** Same as getUGI(context, request, conf, KERBEROS, true). */ public static UserGroupInformation getUGI(ServletContext context, HttpServletRequest request, Configuration conf) throws IOException { -return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, true); +return getUGI(context, request, conf, AuthenticationMethod.KERBEROS, true); } {code} So wait HDFS-3745 to be resolved? > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin >Assignee: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119477#comment-16119477 ] Wei-Chiu Chuang commented on HADOOP-14708: -- [~cltlfcjin] bq. But KERBEROS_SSL is also kerberos, right? Based on jira HDFS-3745 (unresolved), KERBEROS_SSL is meant to be SPNEGO. > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin >Assignee: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119473#comment-16119473 ] John Zhuge commented on HADOOP-14708: - Sure if it decribes your fix well. The JIRA summary usually starts with a problem description, then changed to describe the fix. > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin >Assignee: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119410#comment-16119410 ] Lantao Jin commented on HADOOP-14708: - Can the title change to "Allow client with KERBEROS_SSL auth method to negotiate to server in security mode"? > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin >Assignee: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119090#comment-16119090 ] John Zhuge commented on HADOOP-14708: - [~cltlfcjin] Added you as a contributor. Assigned the JIRA to you. Thank you for the contribution! > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin >Assignee: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16118429#comment-16118429 ] Lantao Jin commented on HADOOP-14708: - Sorry I don't know why the ugi client in NN (in FSCK servlet) use KERBEROS_SSL. I guess it inherited from the JspHelper. But I wonder the logical any KERBEROS_SSL from rpc can not pass through the NEGOTIATE. Return {{null}} illustrate that client isn't using kerberos. But KERBEROS_SSL is also kerberos, right? Please correct me if I misunderstand. > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16118414#comment-16118414 ] Lantao Jin commented on HADOOP-14708: - Hi [~jojochuang], [^FSCK-2.log] is the new log I added some debug code. I use user lajin to do FSCK from 192.168.1.22. The namenode which started with user hadoop with kerberos is handling this in 192.168.1.1. From the debug log. The ugi from DFSClient (in NN) has no tokens in it and its {{AuthenticationMethod}} is KERBEROS_SSL. I don't know why but seems the patch I submitted can work around. > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16118413#comment-16118413 ] Hadoop QA commented on HADOOP-14708: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 0s{color} | {color:blue} Docker mode activated. {color} | | {color:blue}0{color} | {color:blue} patch {color} | {color:blue} 0m 3s{color} | {color:blue} The patch file was not named according to hadoop's naming conventions. Please see https://wiki.apache.org/hadoop/HowToContribute for instructions. {color} | | {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 5s{color} | {color:red} HADOOP-14708 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} | \\ \\ || Subsystem || Report/Notes || | JIRA Issue | HADOOP-14708 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12880841/FSCK-2.log | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/12984/console | | Powered by | Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org | This message was automatically generated. > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK-2.log, FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16115144#comment-16115144 ] Hadoop QA commented on HADOOP-14708: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 1m 45s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s{color} | {color:red} The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 14m 0s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 14m 27s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 31s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 28s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 26s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 47s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 46s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 11m 14s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 11m 14s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 37s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 31s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 43s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 54s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:green}+1{color} | {color:green} unit {color} | {color:green} 8m 31s{color} | {color:green} hadoop-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 25s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 61m 57s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:14b5c93 | | JIRA Issue | HADOOP-14708 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12880193/HADOOP-14708.001.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle | | uname | Linux ae9ac5609e90 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / f44b349 | | Default Java | 1.8.0_131 | | findbugs | v3.1.0-RC1 | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/12959/testReport/ | | modules | C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/12959/console | | Powered by | Apache Yetus 0.6.0-SNAPSHOT http://yetus.apache.org | This message was automatically generated. > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed wit
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16114841#comment-16114841 ] Wei-Chiu Chuang commented on HADOOP-14708: -- [~cltlfcjin] thanks for reporting the issue. However, I don't have the problem you described. The fsck command line tool as a client does not have problem authenticating with NN on my cluster. Furthermore, the log you posted suggests the problem is the authentication between the NameNode FsckServlet (which starts a dfsclient to connect to NN) and NameNode. If there's a bug, it is strictly a HDFS RPC authentication bug, nothing to do with JspHelper. Because it's a HDFS RPC, it should have not used KERBEROS_SSL at all. > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK.log, HADOOP-14708.001.patch > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16112351#comment-16112351 ] Lantao Jin commented on HADOOP-14708: - Hi [~daryn], since it relates to [HADOOP-9010|https://issues.apache.org/jira/browse/HADOOP-9010], what do you think about option #1? > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK.log > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16109191#comment-16109191 ] Benoy Antony commented on HADOOP-14708: --- Sure [~cltlfcjin]. I will take a look > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK.log > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14708) FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL
[ https://issues.apache.org/jira/browse/HADOOP-14708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16108745#comment-16108745 ] Lantao Jin commented on HADOOP-14708: - Could you help to review this? [~benoyantony] [~hitliuyi] > FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL > --- > > Key: HADOOP-14708 > URL: https://issues.apache.org/jira/browse/HADOOP-14708 > Project: Hadoop Common > Issue Type: Bug > Components: security >Affects Versions: 2.7.3, 2.8.1, 3.0.0-alpha3 >Reporter: Lantao Jin > Attachments: FSCK.log > > > FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck > encountered internal errors!" > FSCK use FSCKServlet to submit RPC to NameNode, it use {{KERBEROS_SSL}} as > its {{AuthenticationMethod}} in {{JspHelper.java}} > {code} > /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */ > public static UserGroupInformation getUGI(ServletContext context, > HttpServletRequest request, Configuration conf) throws IOException { > return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, > true); > } > {code} > But when setup SaslConnection with server, KERBEROS_SSL will failed to create > SaslClient instance. See {{SaslRpcClient.java}} > {code} > private SaslClient createSaslClient(SaslAuth authType) > throws SaslException, IOException { > > case KERBEROS: { > if (ugi.getRealAuthenticationMethod().getAuthMethod() != > AuthMethod.KERBEROS) { > return null; // client isn't using kerberos > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org