Details
-
New Feature
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.7.1
-
None
-
Reviewed
-
Hadoop now includes a shell command named KDiag that helps with diagnosis of Kerberos misconfiguration problems. Please refer to the Secure Mode documentation for full details on usage of the command.
Description
If we a little command line entry point for testing kerberos settings, including some automated diagnostics checks, we could simplify fielding the client-side support calls.
Specifically
- check JRE for having java crypto extensions at full key length.
- network checks: do you know your own name?
- Is the user kinited in?
- if a tgt is specified, does it exist?
- are hadoop security options consistent?
Attachments
Attachments
Issue Links
- depends upon
-
SLIDER-1027 add a kdiag command for kerberos diagnostics
- Resolved
-
HADOOP-12649 Improve Kerberos diagnostics and failure handling
- Open
- is related to
-
HADOOP-15123 KDiag tries to load krb5.conf from KRB5CCNAME instead of KRB5_CONFIG
- Resolved