Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12426

Add Entry point for Kerberos health check

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.7.1
    • 2.8.0, 3.0.0-alpha1
    • security
    • None
    • Reviewed
    • Hadoop now includes a shell command named KDiag that helps with diagnosis of Kerberos misconfiguration problems. Please refer to the Secure Mode documentation for full details on usage of the command.

    Description

      If we a little command line entry point for testing kerberos settings, including some automated diagnostics checks, we could simplify fielding the client-side support calls.

      Specifically

      • check JRE for having java crypto extensions at full key length.
      • network checks: do you know your own name?
      • Is the user kinited in?
      • if a tgt is specified, does it exist?
      • are hadoop security options consistent?

      Attachments

        1. HADOOP-12426-001.patch
          28 kB
          Steve Loughran
        2. HADOOP-12426-002.patch
          28 kB
          Steve Loughran
        3. HADOOP-12426-003.patch
          29 kB
          Steve Loughran
        4. HADOOP-12426-004.patch
          29 kB
          Steve Loughran
        5. HADOOP-12426-006.patch
          37 kB
          Steve Loughran
        6. HADOOP-12426-007.patch
          47 kB
          Steve Loughran
        7. HADOOP-12426-008.patch
          48 kB
          Steve Loughran
        8. HADOOP-12426-009.patch
          57 kB
          Steve Loughran
        9. HADOOP-12426-010.patch
          57 kB
          Steve Loughran

        Issue Links

          depends upon

          New Feature - A new feature of the product, which has yet to be developed. SLIDER-1027 add a kdiag command for kerberos diagnostics

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-12649 Improve Kerberos diagnostics and failure handling

          • Major - Major loss of function.
          • Open
          is related to

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-15123 KDiag tries to load krb5.conf from KRB5CCNAME instead of KRB5_CONFIG

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              stevel@apache.org Steve Loughran
              stevel@apache.org Steve Loughran
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: