Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16457

Hadoop does not work with Kerberos config in hdfs-site.xml for simple security

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.0
    • Fix Version/s: 3.3.0
    • Component/s: None
    • Labels:
      None
    • Target Version/s:

      Description

      When http filter initializers is setup to use StaticUserWebFilter, AuthFilter is still setup. This prevents datanode to talk to namenode.

      Error message in namenode logs:

      2019-07-24 15:47:38,038 INFO org.apache.hadoop.hdfs.DFSUtil: Filter initializers set : org.apache.hadoop.http.lib.StaticUserWebFilter,org.apache.hadoop.hdfs.web.AuthFilterInitializer
      2019-07-24 16:06:26,212 WARN SecurityLogger.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: Authorization failed for hdfs (auth:SIMPLE) for protocol=interface org.apache.hadoop.hdfs.server.protocol.DatanodeProtocol: this service is only accessible by dn/eyang-5.openstacklocal@EXAMPLE.COM
      

      Errors in datanode log:

      2019-07-24 16:07:01,253 WARN org.apache.hadoop.hdfs.server.datanode.DataNode: Problem connecting to server: eyang-1.openstacklocal/172.26.111.17:9000
      

      The logic in HADOOP-16354 always added AuthFilter regardless security is enabled or not. This is incorrect. When simple security is chosen and using StaticUserWebFilter. AutheFilter check should not be required for datanode to communicate with namenode.

        Attachments

        1. HADOOP-16457-001.patch
          6 kB
          Prabhu Joseph
        2. HADOOP-16457-002.patch
          6 kB
          Prabhu Joseph

          Activity

            People

            • Assignee:
              prabhujoseph Prabhu Joseph
              Reporter:
              eyang Eric Yang
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: