Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13526

Add detailed logging in KMS for the authentication failure of proxy user

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.9.0, 3.0.0-alpha1
    • Component/s: kms
    • Labels:
      None
    • Environment:

      RHEL

    • Hadoop Flags:
      Reviewed

      Description

      Problem :
      User A was not able to write a file to HDFS Encryption Zone. It was resolved by adding proxy user A in kms-site.xml
      However, the logs showed :

      2016-08-10 19:32:08,954 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request https://vm.example.com:16000/kms/v1/keyversion/aMxsSSKmMEzINTIrKURpFJgHnZxiOvsT9L1nMpbUoGu/_eek?eek_op=decrypt&doAs=userb&user.name=usera user [usera] authenticated

      Possible Solution :
      So the message which says the user was successfully authenticated comes from AuthenticationFilter.java. However, when the filter on DelegationTokenAuthenticationFilter is called it hits an exception there and there is no log message there. This leads to the confusion that we have had a success while the exception happens in the next class.

        Attachments

        1. HADOOP-13526.patch.3
          2 kB
          Suraj Acharya
        2. HADOOP-13526.patch.2
          2 kB
          Suraj Acharya
        3. HADOOP-13526.patch.1
          2 kB
          Suraj Acharya
        4. HADOOP-13526.patch
          2 kB
          Suraj Acharya

          Activity

            People

            • Assignee:
              sacharya Suraj Acharya
              Reporter:
              sacharya Suraj Acharya
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: