Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-8410

SPNEGO filter should have better error messages when not fully configured

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 2.0.0-alpha
    • None
    • security
    • None

    Description

      I upgraded to a build which includes SPNEGO, but neglected to configure dfs.web.authentication.kerberos.principal. This resulted in the following error:

      12/05/18 14:46:20 INFO server.KerberosAuthenticationHandler: Login using keytab //home/todd/confs/conf.pseudo.security//hdfs.keytab, for principal ${dfs.web.authentication.kerberos.principal}
      12/05/18 14:46:20 WARN mortbay.log: failed SpnegoFilter: javax.servlet.ServletException: javax.security.auth.login.LoginException: Unable to obtain password from user

      Instead, it should give an error that the principal needs to be configured. Even better would be if we could default to HTTP/_HOST@<default realm>

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-3813 Log error message if security and WebHDFS are enabled but principal/keytab are not configured

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              tlipcon Todd Lipcon
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: