Guanghao Zhang created PHOENIX-5904: ---------------------------------------
Summary: Add log if the configed kerberos principal login failed Key: PHOENIX-5904 URL: https://issues.apache.org/jira/browse/PHOENIX-5904 Project: Phoenix Issue Type: Improvement Components: queryserver Reporter: Guanghao Zhang {code:java} SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB, QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname); LOG.info("Login successful."); {code} But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled return false. {code:java} public static void login(final Configuration conf, final String keytabFileKey, final String userNameKey, String hostname) throws IOException { if(!UserGroupInformation.isSecurityEnabled()) return; String keytabFilename = conf.get(keytabFileKey); if (keytabFilename == null || keytabFilename.length() == 0) { throw new IOException("Running in secure mode, but config doesn't have a keytab"); } String principalConfig = conf.get(userNameKey, System .getProperty("user.name")); String principalName = SecurityUtil.getServerPrincipal(principalConfig, hostname); UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename); } {code} UserGroupInformation.isSecurityEnabled is configed by *hadoop.security.authentication*. But the document only said need to config *hbase.security.authentication*. So, I thought we need to add document about this, too. QueryServer doc: [https://phoenix.apache.org/server.html] -- This message was sent by Atlassian Jira (v8.3.4#803005)