Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-6991

Kerberos ticket is being dumped in the log if log level is "debug" for stdout

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • 1.15.0
    • 1.16.0
    • None
    • None

    Description

      Prerequisites:

      1. Drill is installed on cluster with Kerberos security
      2. Into conf/logback.xml, set the following log level:
          <root>
            <level value="debug" />
            <appender-ref ref="STDOUT" />
          </root>
        

      Steps:

      1. Start Drill
      2. Connect using sqlline using the following string:
        bin/sqlline -u "jdbc:drill:zk=<zk server>;principal=<kerberos principal>"
        

      Expected result:
      No sensitive information should be displayed

      Actual result:
      Kerberos ticket and session key are being dumped into console output:

      14:35:38.806 [TGT Renewer for mapr/node1.cluster.com@NODE1] DEBUG o.a.h.security.UserGroupInformation - Found tgt Ticket (hex) = 
      0000: 61 82 01 3D 30 82 01 39   A0 03 02 01 05 A1 07 1B  a..=0..9........
      0010: 05 4E 4F 44 45 31 A2 1A   30 18 A0 03 02 01 02 A1  .NODE1..0.......
      0020: 11 30 0F 1B 06 6B 72 62   74 67 74 1B 05 4E 4F 44  .0...krbtgt..NOD
      0030: 45 31 A3 82 01 0B 30 82   01 07 A0 03 02 01 12 A1  E1....0.........
      0040: 03 02 01 01 A2 81 FA 04   81 F7 03 8D A9 FA 7D 89  ................
      0050: 1B DF 37 B7 4D E6 6C 99   3E 8F FA 48 D9 9A 79 F3  ..7.M.l.>..H..y.
      0060: 92 34 7F BF 67 1E 77 4A   2F C9 AF 82 93 4E 46 1D  .4..g.wJ/....NF.
      0070: 41 74 B0 AF 41 A8 8B 02   71 83 CC 14 51 72 60 EE  At..A...q...Qr`.
      0080: 29 67 14 F0 A6 33 63 07   41 AA 8D DC 7B 5B 41 F3  )g...3c.A....[A.
      0090: 83 48 8B 2A 0B 4D 6D 57   9A 6E CF 6B DC 0B C0 D1  .H.*.MmW.n.k....
      00A0: 83 BB 27 40 88 7E 9F 2B   D1 FD A8 6A E1 BF F6 CC  ..'@...+...j....
      00B0: 0E 0C FB 93 5D 69 9A 8B   11 88 0C F2 7C E1 FD 04  ....]i..........
      00C0: F5 AB 66 0C A4 A4 7B 30   D1 7F F1 2D D6 A1 52 D1  ..f....0...-..R.
      00D0: 79 59 F2 06 CB 65 FB 73   63 1D 5B E9 4F 28 73 EB  yY...e.sc.[.O(s.
      00E0: 72 7F 04 46 34 56 F4 40   6C C0 2C 39 C0 5B C6 25  r..F4V.@l.,9.[.%
      00F0: ED EF 64 07 CE ED 35 9D   D7 91 6C 8F C9 CE 16 F5  ..d...5...l.....
      0100: CA 5E 6F DE 08 D2 68 30   C7 03 97 E7 C0 FF D9 52  .^o...h0.......R
      0110: F8 1D 2F DB 63 6D 12 4A   CD 60 AD D0 BA FA 4B CF  ../.cm.J.`....K.
      0120: 2C B9 8C CA 5A E6 EC 10   5A 0A 1F 84 B0 80 BD 39  ,...Z...Z......9
      0130: 42 2C 33 EB C0 AA 0D 44   F0 F4 E9 87 24 43 BB 9A  B,3....D....$C..
      0140: 52                                                 R
      
      Client Principal = mapr/node1.cluster.com@NODE1
      Server Principal = krbtgt/NODE1@NODE1
      Session Key = EncryptionKey: keyType=18 keyBytes (hex dump)=
      0000: 50 DA D1 D7 91 D3 64 BE   45 7B D8 02 25 81 18 25  P.....d.E...%..%
      0010: DA 59 4F BA 76 67 BB 39   9C F7 17 46 A7 C5 00 E2  .YO.vg.9...F....
      

      Attachments

        Activity

          People

            shamirwasia Sorabh Hamirwasia
            angozhiy Anton Gozhiy
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: