Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
1.15.0
-
None
-
None
Description
Prerequisites:
- Drill is installed on cluster with Kerberos security
- Into conf/logback.xml, set the following log level:
<root> <level value="debug" /> <appender-ref ref="STDOUT" /> </root>
Steps:
- Start Drill
- Connect using sqlline using the following string:
bin/sqlline -u "jdbc:drill:zk=<zk server>;principal=<kerberos principal>"
Expected result:
No sensitive information should be displayed
Actual result:
Kerberos ticket and session key are being dumped into console output:
14:35:38.806 [TGT Renewer for mapr/node1.cluster.com@NODE1] DEBUG o.a.h.security.UserGroupInformation - Found tgt Ticket (hex) = 0000: 61 82 01 3D 30 82 01 39 A0 03 02 01 05 A1 07 1B a..=0..9........ 0010: 05 4E 4F 44 45 31 A2 1A 30 18 A0 03 02 01 02 A1 .NODE1..0....... 0020: 11 30 0F 1B 06 6B 72 62 74 67 74 1B 05 4E 4F 44 .0...krbtgt..NOD 0030: 45 31 A3 82 01 0B 30 82 01 07 A0 03 02 01 12 A1 E1....0......... 0040: 03 02 01 01 A2 81 FA 04 81 F7 03 8D A9 FA 7D 89 ................ 0050: 1B DF 37 B7 4D E6 6C 99 3E 8F FA 48 D9 9A 79 F3 ..7.M.l.>..H..y. 0060: 92 34 7F BF 67 1E 77 4A 2F C9 AF 82 93 4E 46 1D .4..g.wJ/....NF. 0070: 41 74 B0 AF 41 A8 8B 02 71 83 CC 14 51 72 60 EE At..A...q...Qr`. 0080: 29 67 14 F0 A6 33 63 07 41 AA 8D DC 7B 5B 41 F3 )g...3c.A....[A. 0090: 83 48 8B 2A 0B 4D 6D 57 9A 6E CF 6B DC 0B C0 D1 .H.*.MmW.n.k.... 00A0: 83 BB 27 40 88 7E 9F 2B D1 FD A8 6A E1 BF F6 CC ..'@...+...j.... 00B0: 0E 0C FB 93 5D 69 9A 8B 11 88 0C F2 7C E1 FD 04 ....]i.......... 00C0: F5 AB 66 0C A4 A4 7B 30 D1 7F F1 2D D6 A1 52 D1 ..f....0...-..R. 00D0: 79 59 F2 06 CB 65 FB 73 63 1D 5B E9 4F 28 73 EB yY...e.sc.[.O(s. 00E0: 72 7F 04 46 34 56 F4 40 6C C0 2C 39 C0 5B C6 25 r..F4V.@l.,9.[.% 00F0: ED EF 64 07 CE ED 35 9D D7 91 6C 8F C9 CE 16 F5 ..d...5...l..... 0100: CA 5E 6F DE 08 D2 68 30 C7 03 97 E7 C0 FF D9 52 .^o...h0.......R 0110: F8 1D 2F DB 63 6D 12 4A CD 60 AD D0 BA FA 4B CF ../.cm.J.`....K. 0120: 2C B9 8C CA 5A E6 EC 10 5A 0A 1F 84 B0 80 BD 39 ,...Z...Z......9 0130: 42 2C 33 EB C0 AA 0D 44 F0 F4 E9 87 24 43 BB 9A B,3....D....$C.. 0140: 52 R Client Principal = mapr/node1.cluster.com@NODE1 Server Principal = krbtgt/NODE1@NODE1 Session Key = EncryptionKey: keyType=18 keyBytes (hex dump)= 0000: 50 DA D1 D7 91 D3 64 BE 45 7B D8 02 25 81 18 25 P.....d.E...%..% 0010: DA 59 4F BA 76 67 BB 39 9C F7 17 46 A7 C5 00 E2 .YO.vg.9...F....