[HADOOP-14708] FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Patch Available
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.7.3, 2.8.1, 3.0.0-alpha3
Fix Version/s: None
Component/s: security
Labels:
None

Description

FSCK started by xx (auth:KERBEROS_SSL) failed with exception msg "fsck encountered internal errors!"

FSCK use FSCKServlet to submit RPC to NameNode, it use KERBEROS_SSL as its AuthenticationMethod in JspHelper.java

  /** Same as getUGI(context, request, conf, KERBEROS_SSL, true). */
  public static UserGroupInformation getUGI(ServletContext context,
      HttpServletRequest request, Configuration conf) throws IOException {
    return getUGI(context, request, conf, AuthenticationMethod.KERBEROS_SSL, true);
  }

But when setup SaslConnection with server, KERBEROS_SSL will failed to create SaslClient instance. See SaslRpcClient.java

private SaslClient createSaslClient(SaslAuth authType)
      throws SaslException, IOException {
      ....
      case KERBEROS: {
        if (ugi.getRealAuthenticationMethod().getAuthMethod() !=
            AuthMethod.KERBEROS) {
          return null; // client isn't using kerberos
        }

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FSCK.log
01/Aug/17 11:39
12 kB
Lantao Jin
FSCK-2.log
08/Aug/17 14:47
16 kB
Lantao Jin
HADOOP-14708.001.patch
03/Aug/17 08:00
1 kB
Lantao Jin

Issue Links

is duplicated by

HDFS-12236 FsckServlet can not create SaslRpcClient with auth KERBEROS_SSL

Resolved

Activity

People

Assignee:: Lantao Jin

Reporter:: Lantao Jin

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 01/Aug/17 09:37

Updated:: 02/Oct/19 17:15