[FLINK-5055] Security feature crashes JM for certain Hadoop versions even though using no Kerberos - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.2.0
Fix Version/s: 1.2.0
Component/s: Runtime / Coordination
Labels:
None

Description

A user reported [1] that the JobManager does not start when using Flink with Hadoop-2.7.0-mapr-1607 and no security activated because of

javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication
        at com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:841)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:704)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)

It seems that this Hadoop version always tries to login via Kerberos even though the user did not activate it and, thus, should use AuthenticationMode.SIMPLE.

I'm not really familiar with the security feature, but my understanding is that it should not have any effect on Flink when not activated. I might be wrong here, but if not, then we should fix this problem for 1.2.0 because it prevents people from using Flink.

[1] http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-using-Yarn-on-MapR-td14484.html

Attachments

Issue Links

is related to

FLINK-5364 Rework JAAS configuration to support user-supplied entries

Closed

FLINK-5361 Flink shouldn't require Kerberos credentials

Closed

links to

GitHub Pull Request #2864

Activity

People

Assignee:: Maximilian Michels

Reporter:: Till Rohrmann

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 11/Nov/16 13:51

Updated:: 28/Feb/19 11:31

Resolved:: 25/Nov/16 14:01