Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12649

Improve Kerberos diagnostics and failure handling

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.7.1
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Environment:

      Kerberos

      Description

      Sometimes —apparently— some people cannot get kerberos to work.

      The ability to diagnose problems here is hampered by some aspects of UGI

      1. the only way to turn on JAAS debug information is through an env var, not within the JVM
      2. failures are potentially underlogged
      3. exceptions raised are generic IOEs, so can't be trapped and filtered
      4. failure handling on the TGT renewer thread is nonexistent
      5. the code is barely-readable, underdocumented mess.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                stevel@apache.org Steve Loughran
              • Votes:
                1 Vote for this issue
                Watchers:
                26 Start watching this issue

                Dates

                • Created:
                  Updated: